I am using org.springframework.security.ldap.ppolicy.PasswordPolicyAwareContextSource to connect to an OpenLDAP server with ppolicy enabled.
I am binding with an account whose password is expired, but I never get a PasswordPolicyException.
By browsing the source code (spring-security-ldap-3.1.0) I can see that a PasswordPolicyException is thrown only when an account is locked. Why is that?
In order to get PasswordPolicyExceptions, I've replaced the original code:
<original code>
if (ctrl != null) {
    if (ctrl.isLocked()) {
        throw new PasswordPolicyException(ctrl.getErrorStatus());
    }
}
</original code>
with:
<my code>
if (ctrl != null && ctrl.getErrorStatus() != null) {
    throw new PasswordPolicyException(ctrl.getErrorStatus());
}
</my code>

I don't know if it's the "right" way, but it seems to work. Any comments?

Thanks
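
The difference between the two checks in the post above, shown as an added example that is not part of the original post and is not Spring Security's code: it decodes the error field of a password policy response control value and reports which check would raise for each case. The class and method names are hypothetical, the control values are constructed using the encoding and error codes from draft-behera-ldap-password-policy, and `lockedOnlyCheck` assumes `isLocked()` is true only for the accountLocked error.

```java
// Added illustration: class and method names are hypothetical, not Spring Security's API.
public class PpolicyResponseDemo {
    // Error codes of PasswordPolicyResponseValue (draft-behera-ldap-password-policy).
    enum PpolicyError {
        PASSWORD_EXPIRED, ACCOUNT_LOCKED, CHANGE_AFTER_RESET, PASSWORD_MOD_NOT_ALLOWED,
        MUST_SUPPLY_OLD_PASSWORD, INSUFFICIENT_PASSWORD_QUALITY, PASSWORD_TOO_SHORT,
        PASSWORD_TOO_YOUNG, PASSWORD_IN_HISTORY
    }
    // Returns the error in the control value, or null when only a warning (or nothing) is set.
    // Short-form BER lengths only, which covers every valid ppolicy response value.
    static PpolicyError decodeError(byte[] ber) {
        if (ber.length < 2 || ber[0] != 0x30 || ber[1] != ber.length - 2) {
            throw new IllegalArgumentException("not a short-form BER SEQUENCE");
        }
        int pos = 2;
        while (pos + 2 <= ber.length) {
            int tag = ber[pos] & 0xFF;
            int len = ber[pos + 1] & 0xFF;
            if (len > 0x7F || pos + 2 + len > ber.length) {
                throw new IllegalArgumentException("bad element length");
            }
            if (tag == 0x81) { // error [1] ENUMERATED, implicit tag
                int code = len == 1 ? ber[pos + 2] & 0xFF : -1;
                if (code < 0 || code >= PpolicyError.values().length) {
                    throw new IllegalArgumentException("unknown ppolicy error code");
                }
                return PpolicyError.values()[code];
            }
            pos += 2 + len; // skip warning [0] (tag 0xA0) and anything else
        }
        return null;
    }
    // Models the check quoted as the original code: only a locked account raises.
    static boolean lockedOnlyCheck(PpolicyError e) { return e == PpolicyError.ACCOUNT_LOCKED; }
    // Models the replacement check: any error status raises.
    static boolean anyErrorCheck(PpolicyError e) { return e != null; }

    public static void main(String[] args) {
        byte[][] samples = { // constructed control values, not captured from a server
            {0x30, 0x03, (byte) 0x81, 0x01, 0x00},                         // passwordExpired
            {0x30, 0x03, (byte) 0x81, 0x01, 0x01},                         // accountLocked
            {0x30, 0x06, (byte) 0xA0, 0x04, (byte) 0x80, 0x02, 0x02, 0x58} // warning only: expires in 600 s
        };
        for (byte[] s : samples) {
            PpolicyError e = decodeError(s);
            System.out.printf("%-16s lockedOnly=%-5b anyError=%b%n", e, lockedOnlyCheck(e), anyErrorCheck(e));
        }
    }
}
```

For the passwordExpired value only `anyErrorCheck` is true, and for the warning-only value neither check is, so a pending-expiry warning does not turn into an exception under either version.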