User's password is reaching expiration but has not yet expired:
iChain will not redirect the user to the password management servlet URL.
User's password is expired butÂ no grace logins
If no grace logins are allowed, or if the grace logins run out, the LDAP BIND result code returned is "invalidCredentials" and the user is not allowed to login to iChain.Â The user will never recieve the 302 redirect to the password management servlet URL.
User's password is expiredÂ and grace logins remain:
If grace logins are allowed, the LDAP BIND result code returned is"success" and iChain is notified that the password is expired.Â The user then recieves a 302 redirect to the password management servlet URL.
- The user's password expires.
- The user logs into iChain.
- A Bind Request using the full DN of the user is sent to the LDAP server.
- If the LDAPÂ Bind Result code returned is "success" but specifies an error message "NDS error: password expired (-223)".
- A 302 redirect is sent to the user's browser with the location of the password management servlet URL specified in the iChain configuration.