From bc277e4c0a246d5ae1cf18e8cd2264a7912f785e Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Sun, 28 Jun 2020 20:46:32 +0200
Subject: [PATCH] enhanced error messages

---
 lam/HISTORY         |  1 +
 lam/lib/account.inc | 12 ++++++++++++
 2 files changed, 13 insertions(+)

diff --git a/lam/HISTORY b/lam/HISTORY
index 0670b1ab..6f28f59a 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -1,6 +1,7 @@
 September 2020
   - PHP 7.4 compatibility
   - Show password prompt when a user with expired password logs into LAM admin interface (requires PHP 7.2)
+  - Better error messages on login when account is expired/deactivated/...
   - Windows users: group display format can be configured (cn/dn)
 
 01.05.2020 7.2
diff --git a/lam/lib/account.inc b/lam/lib/account.inc
index 928bd33d..e280db7a 100644
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@@ -1487,6 +1487,18 @@ function getDefaultLDAPErrorString($server) {
 		logNewMessage(LOG_DEBUG, 'Password change failed because of ' . $extError);
 		$extError = _('Your password does not meet the password strength qualifications. Please retry with another one.');
 	}
+	elseif ((strpos($extError, 'DSID') !== false) && (strpos($extError, 'data 773,') !== false)) {
+		logNewMessage(LOG_DEBUG, 'Login failed because of ' . $extError);
+		$extError = _('Password change required');
+	}
+	elseif ((strpos($extError, 'DSID') !== false) && (strpos($extError, 'data 533,') !== false)) {
+		logNewMessage(LOG_DEBUG, 'Login failed because of ' . $extError);
+		$extError = _('Account is deactivated');
+	}
+	elseif ((strpos($extError, 'DSID') !== false) && (strpos($extError, 'data 701,') !== false)) {
+		logNewMessage(LOG_DEBUG, 'Login failed because of ' . $extError);
+		$extError = _('Account is expired');
+	}
 	$genericErrorMessage = ldap_error($server);
 	$message = _('LDAP error, server says:') . ' ' . $genericErrorMessage;
 	if (!empty($extError) && ($genericErrorMessage != $extError)) {