1 files changed, 15 insertions, 3 deletions

diff --git a/src/util/sss_ldap.c b/src/util/sss_ldap.c
index 785a4482a..84288a903 100644
--- a/src/util/sss_ldap.c
+++ b/src/util/sss_ldap.c
@@ -28,7 +28,19 @@
 #include "config.h"
 
 #include "util/sss_ldap.h"
+#include "util/util.h"
 
+const char* sss_ldap_err2string(int err)
+{
+    static const char *password_expired = "Password expired";
+
+    switch (err) {
+    case LDAP_X_SSSD_PASSWORD_EXPIRED:
+        return password_expired;
+    default:
+        return ldap_err2string(err);
+    }
+}
 
 int sss_ldap_control_create(const char *oid, int iscritical,
                             struct berval *value, int dupval,
@@ -357,7 +369,7 @@ fail:
     if (ret == LDAP_SUCCESS) {
         tevent_req_done(req);
     } else {
-        DEBUG(1, ("ldap_initialize failed [%s].\n", ldap_err2string(ret)));
+        DEBUG(1, ("ldap_initialize failed [%s].\n", sss_ldap_err2string(ret)));
         if (ret == LDAP_SERVER_DOWN) {
             tevent_req_error(req, ETIMEDOUT);
         } else {
@@ -392,7 +404,7 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
 
     lret = ldap_init_fd(state->sd, LDAP_PROTO_TCP, state->uri, &state->ldap);
     if (lret != LDAP_SUCCESS) {
-        DEBUG(1, ("ldap_init_fd failed: %s\n", ldap_err2string(lret)));
+        DEBUG(1, ("ldap_init_fd failed: %s\n", sss_ldap_err2string(lret)));
         close(state->sd);
         if (lret == LDAP_SERVER_DOWN) {
             tevent_req_error(req, ETIMEDOUT);
@@ -409,7 +421,7 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
                 DEBUG(5, ("TLS/SSL already in place.\n"));
             } else {
                 DEBUG(1, ("ldap_install_tls failed: %s\n",
-                          ldap_err2string(lret)));
+                          sss_ldap_err2string(lret)));
 
                 tevent_req_error(req, EIO);
                 return;