We want to customize the IDS login page to add a check to verify if the user password is near to expiration. One option would be to read the pwdExpirationTime attribute through LDAP, but Id like to know if is there a better way to do it.
Now, we have the check to forward the user to SSPR if the password is expired. We want something similar but to show the user a message letting him know his password is expiring in 15 days (for instance).

Any idea?

Jos Luis