Our development team is going to be authenticating users against the
directory. We are also planning on implementing password policies for
these users. The LDAP protocol does not seem to have very descriptive
error messages that would tell an LDAP client things like 'user not
authenticated because their password has expired' or 'couldn't set the
user's password because it's too short'.

Is there any way that these types of more verbose error messages could be
delivered to an application when they try to auth a user or reset their
password? I thought that the DSML/SOAP driver looked promising but all
the docs seem to suggest that the errors in the response document are
just the same standard error messages from LDAP.

Thanks for your time