Description:
I would like to know how to retrieve the real LDAP error code or message returned by the user directory during an authentication step and be able to display it in a login page. How could I do it?
Solution:
The LDAP return code is not sent to the Web Agent. It stays within the Policy Server, so the Web Agent cannot retrieve it. The Policy Server only returns different smauthreason values, which can be captured on the Web Agent side.
- One way to get the true directory return code is to redirect the user to a custom page that bypasses SiteMinder and makes direct calls;
- You can also look at OnAuthAttempt events to send response URL redirects, HTTP responses or the smauthreason variable; the FCC can also get the reason from one of these sources and show it;
- If you only need to display an "invalid username/password" type of message, you can do so by checking the SMTRYNO cookie with a script.
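
A sketch of the scripting approach from the last two options, added here as an example and not taken from the product or its documentation. It assumes the SMTRYNO cookie value is a small decimal attempt counter and that the reason code arrives as an SMAUTHREASON query parameter on the redirect URL; the element id and the reason-to-message map are hypothetical. Both inputs are client-controlled, so they are parsed strictly and only ever select a fixed message.

```javascript
// Added example: SMTRYNO and SMAUTHREASON come from the browser, so treat them
// as untrusted input and never echo their raw values into the page.

// Return the decimal value of the named cookie, or null if absent or not 1-3 digits.
function readCounterCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== name) continue;
    const value = part.slice(eq + 1).trim();
    return /^\d{1,3}$/.test(value) ? Number(value) : null;
  }
  return null;
}

// Return the SMAUTHREASON query parameter as an integer, or null if missing or malformed.
function readAuthReason(queryString) {
  const raw = new URLSearchParams(queryString).get('SMAUTHREASON');
  return raw !== null && /^\d{1,3}$/.test(raw) ? Number(raw) : null;
}

// Choose a fixed message. reasonMessages is a site-supplied map of
// reason code -> text (hypothetical; take the codes from your own deployment).
function loginMessage(cookieString, queryString, reasonMessages) {
  const reason = readAuthReason(queryString);
  if (reason !== null && Object.prototype.hasOwnProperty.call(reasonMessages, reason)) {
    return reasonMessages[reason];
  }
  const tries = readCounterCookie(cookieString, 'SMTRYNO');
  if (tries !== null && tries > 0) {
    // Deliberately generic: does not reveal whether the user name exists.
    return 'Invalid username or password.';
  }
  return '';
}

// Browser hook: textContent keeps anything derived from the URL or cookie out of the HTML parser.
if (typeof document !== 'undefined') {
  const box = document.getElementById('login-error'); // hypothetical element id
  if (box) {
    box.textContent = loginMessage(document.cookie, window.location.search, {});
  }
}
```

Because the cookie and query string can be set by the user, the message shown here is cosmetic only and must not drive any access decision.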