There may be more cases to consider but when a user supplies an incorrect password or the account is locked,
a javax.naming.AuthenticationException is thrown. Currently comparing the strings returned by ex.getMessage() is
the only way to determine which event occurred.
[LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=xyz,o=corp]
[LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was permanently locked]