You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2008-09-26 17:51:05

stesubw
Member
Registered: 2008-09-26
Posts: 4

Login AD max number retries lock user account

Hi,
our Windows domain allow max 5 login failures then the user account will be locked for 30 minutes.
We have seen in Protection logs that 1 GLPI login failure send 7/8 ldap connection retries in a second.
Is possible to limit the number of Ldap connection during Login?
There is some PHP function or file we can modify?
Thanks.
Ste

Offline

#2 2008-10-16 18:05:26

stesubw
Member
Registered: 2008-09-26
Posts: 4

Re: Login AD max number retries lock user account

Well, no solution posted.

So, we try a Workaround modifying login.php to manage login attempts.

Changes:
- Commented the lines of alternative connections (pop, ...) in the file login.php
- in LDAP authentication configuration removed the secondary servers

Result:
- in domain controller's Protection Log for each failure attempt arelogged 2 events. This prevents to lock account at the first attempt.

I suggest in new release, in configuration, we can manage (enable or disable) alternative connections to limit this kind of problem.

I hope it can be useful to you.
Bye.

Offline

Pages: 1

Board footer

Powered by FluxBB