From cc902f35dff0e61e57aa02d24067d829e955a453 Mon Sep 17 00:00:00 2001
From: Pavlos Drandakis <pdrados@gmail.com>
Date: Wed, 2 May 2012 17:01:31 +0300
Subject: [PATCH] Throw PasswordPolicyException when ErrorStatus is not null
 instead of when account is locked only.

---
 .../ldap/ppolicy/PasswordPolicyAwareContextSource.java        | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
index 63f04eafbaf..7ed6c21e54a 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyAwareContextSource.java
@@ -58,10 +58,8 @@ public DirContext getContext(String principal, String credentials) throws Passwo
 
             LdapUtils.closeContext(ctx);
 
-            if (ctrl != null) {
-                if (ctrl.isLocked()) {
+            if (ctrl != null && ctrl.getErrorStatus()!=null) {
                     throw new PasswordPolicyException(ctrl.getErrorStatus());
-                }
             }
 
             throw LdapUtils.convertLdapException(ne);