Controlling LDAP authentication

Hello everyone,

i am in process of changing our authentication method, so we can integrate our AD authentication in our programs. At the moment i am using they %SYS.LDAP object, and trying to use the .Bind() method with the user information to authenticate. This seems to work without issues, but here the problems start.

When i flag a user 'Change password on next logon' in our Active Directory, the Bind fails with a status error: "Invalid Credentials". To make sure the user who logged in is in fact the user to change the password. I still need to check if this user entered the correct current login information.

Checking the fields 'badPwdCount' or 'badPasswordTime' does not help since they are not filled after a failed .Bind() it seems.

Anyone has experience with this issue and knows how to work around the change password issue?

Thank you guys in advance!

Thomas