diff --git a/src/main/main.go b/src/main/main.go
index 3c51f45..933b825 100644
--- a/src/main/main.go
+++ b/src/main/main.go
@@ -40,6 +40,9 @@ func authenticateUser(username, password string) (*UserData, error) {
 connected, err := ldapServer.AuthenticateUser(userDN, password)
 if err != nil {
+ if strings.Contains(err.Error(), "Password is expired") {
+ return nil, fmt.Errorf("Password expired for %s\n", username)
+ }
 return nil, err
 }
 if connected == false {
@@ -87,7 +90,6 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
 return
 }
- // 2. Logic for processing the form
 if r.Method == http.MethodPost {
 username := r.FormValue("username")
 if strings.Contains(username, "/") {
diff --git a/src/main/password_expiry.go b/src/main/password_expiry.go
index cd897ce..544e347 100644
--- a/src/main/password_expiry.go
+++ b/src/main/password_expiry.go
@@ -17,14 +17,18 @@ func InitPasswordExpiry() {
 }
 func CheckPasswordExpriy() {
+ logging.Infof("Starting password expiry check")
+
 now := time.Now().UTC()
 formatted := now.Format("20060102150405Z")
- search, err := ldapServer.SerchServer(serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword, serverConfig.LDAPConfig.BaseDN, fmt.Sprintf("(&(objectclass=person)(krbPasswordExpiration<=%s))", formatted), []string{"uid", "cn", "mail", "krbPasswordExpiration"})
+ search, err := ldapServer.SerchServer(serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword, serverConfig.LDAPConfig.BaseDN, fmt.Sprintf("(&(objectclass=person)(krbPasswordExpiration<=%s))", formatted), []string{"cn", "mail", "krbPasswordExpiration"})
 if err != nil {
 logging.Warn(err.Error())
 }
+ logging.Infof("%d users with expired passwords", search.EntryCount())
+
 for i := range search.EntryCount() {
 emailAddr := search.GetEntry(i).GetAttributeValue("mail")
 if len(emailAddr) <= 0 {
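Review bot: The new expired-password branch in authenticateUser gives callers a result that differs from a plain authentication failure, so if loginHandler passes this error text to the client it confirms that the account exists and, on directory servers that report expiry only after verifying the password, that the submitted password was correct. The message also formats the request-supplied `username` with `%s` and ends in `\n`, which lets control characters in the name reach logs or a rendered page; `return nil, fmt.Errorf("password expired for %q", username)` avoids both. Matching on `err.Error()` text is brittle across server versions and locales, so a result-code check or a sentinel error from the ldapServer wrapper would be sturdier, if it exposes one. The body of authenticateUser starts and ends outside the hunk, so how the error is surfaced is not visible here.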
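Review bot: The added `logging.Infof("%d users with expired passwords", search.EntryCount())` runs even when `SerchServer` returned an error, because the `if err != nil` branch above it only logs a warning and falls through; if `search` is nil or empty in that case (its type is not visible here) the job panics or reports a misleading zero. Return after the warning: `logging.Warn(err.Error())` followed by `return`. The same hunk drops `uid` from the requested attributes, so confirm nothing later in CheckPasswordExpriy reads it, since the function continues past the end of the hunk.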