Expired Password

I am implementing an Expired Password scenario, integrating with an external LDAP wherein the password reset is managed by a different site. LDAPStorageProvider.validPassword expects a mapper which sets the required action to RequiredAction.UPDATE_PASSWORD. Should I create a custom mapper, override onAuthenticationFailure and call LoginFormsProvider.createPasswordReset(), which I can customize with a link to go to another site to reset the password? The default UPDATE_PASSWORD wants the LDAP provider to be writable; in my case the LDAP is read-only. I managed to get to createPasswordReset(), but the page does not show and the authentication is reported as successful. What is the best way to implement this?