I use LDAP to authenticate users on my app.
<cftry>
    <cfldap action="query"
        name="qryAuth"
        attributes="cn,displayname,mail"
        start="DC=corp,DC=com"
        server="#LDAPserver#"
        filter="(cn=#arguments.EID#)"
        username="corp\#arguments.EID#"
        password="#arguments.password#">
    <cfset this.addlog(arguments.EID, "Success on #LDAPserver#")>
    <cfreturn true>
    <cfcatch>
        <cfset this.addlog(arguments.EID, "#cfcatch.message# on #LDAPserver#")>
        <cfif cfcatch.message CONTAINS "error code 49">
            <!--- bad-password branch; its body is not shown in the post --->
        </cfif>
    </cfcatch>
</cftry>
Error code 49 is when a user enters a bad password. Every time this is run, an error is logged. Is there a way to check for passwords via LDAP without using try/catch?
Write a pre-parse plugin that performs the BIND before the server performs the operation and sets a well-known condition indicating the BIND would have failed. Professional-quality LDAP servers provide the described functionality out of the box.
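An added example (not code from the question or the answer) of keeping the cfcatch but narrowing it: error code 49 becomes a returned reason instead of a logged error, any other failure is rethrown, and the EID is escaped before it enters the filter. The function names, the result keys and the Active Directory "data" sub-codes in the error message are assumptions about the environment.

```cfml
<!--- Added example. ldapEscape, checkLdapLogin and the result keys are hypothetical names. --->
<cffunction name="ldapEscape" returntype="string" output="false">
    <cfargument name="value" type="string" required="true">
    <!--- RFC 4515 filter escaping; the backslash must be replaced first --->
    <cfset var v = replace(arguments.value, "\", "\5c", "all")>
    <cfset v = replace(v, "*", "\2a", "all")>
    <cfset v = replace(v, "(", "\28", "all")>
    <cfreturn replace(v, ")", "\29", "all")>
</cffunction>

<cffunction name="checkLdapLogin" returntype="struct" output="false">
    <cfargument name="EID" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <cfargument name="LDAPserver" type="string" required="true">
    <cfset var result = {ok = false, reason = "error"}>
    <cfset var qryAuth = "">
    <cfset var m = "">
    <cfset var code = "">
    <!--- Assumption: AD puts a sub-code in the "data xxx" part of an error 49 message --->
    <cfset var adReasons = {"52e" = "bad_credentials", "532" = "password_expired",
                            "533" = "account_disabled", "775" = "account_locked"}>
    <!--- A bind with an empty password can be accepted as an unauthenticated bind --->
    <cfif NOT len(trim(arguments.password))>
        <cfset result.reason = "empty_password">
        <cfreturn result>
    </cfif>
    <cftry>
        <cfldap action="query" name="qryAuth" attributes="cn,displayname,mail"
                start="DC=corp,DC=com" server="#arguments.LDAPserver#"
                filter="(cn=#ldapEscape(arguments.EID)#)"
                username="corp\#arguments.EID#" password="#arguments.password#">
        <cfset result = {ok = true, reason = "success"}>
        <cfcatch type="any">
            <!--- Outage, TLS or configuration problem: not a login failure --->
            <cfif NOT findNoCase("error code 49", cfcatch.message)>
                <cfrethrow>
            </cfif>
            <cfset result.reason = "bad_credentials">
            <cfset m = reFindNoCase("data ([0-9a-f]{3,4})", cfcatch.message, 1, true)>
            <cfif arrayLen(m.pos) GT 1 AND m.pos[2] GT 0>
                <cfset code = lCase(mid(cfcatch.message, m.pos[2], m.len[2]))>
                <cfif structKeyExists(adReasons, code)>
                    <cfset result.reason = adReasons[code]>
                </cfif>
            </cfif>
        </cfcatch>
    </cftry>
    <cfreturn result>
</cffunction>
```

The caller can then write `result.reason` to an authentication log at an informational level and reserve the error log for the rethrown exceptions.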