Querying LDAP to determine if user account is locked

We have a Oracle LDAP server that is part of our Siebel CRM.   We are using LDAP authentication in our users module so we can authenticate against this LDAP.   This is mostly working, however we are finding that when a users password has expired in LDAP we do not get back any expiration message when attempting to log the user in.   We simply get a response that the username or password is invalid.

Any suggestions on how we can determine when a user needs to update their password based on an authenication attempt?   I've tried all of the server actions that seem relevant in the user module and none provide any useful information.

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.