Support flood control

Created on 16 October 2019, almost 5 years ago
Updated 6 August 2024, about 2 months ago

We tried entering a wrong password several times, but the account wasn't blocked. Is LDAP bypassing flood control? If yes, is that intentional or should we fix that? If that's intentional, could you please share the reason?

✨ Feature request
Status

Active

Version

4.0

Component

Code

Created by

Slovakia mirom


Comments & Activities


  • United States bluegeek9

    Is there any interest in funding the development of this feature?

    I guess this would be implemented by increasing an attribute, different attributes for different systems.

    OpenLDAP (I suspect Apple Open Directory, too)
    pwdMaxFailure
    pwdMaxFailure number-of-attempts

    # example
    pwdMaxFailure 5
    This attribute controls how many consecutive password failures are allowed before the action defined by pwdLockout is taken. If the attribute value is 0 (the default) an unlimited number of consecutive password failure attempts are allowed. If the attribute value is >0 this defines the maximum number of consecutive failed password attempts allowed before the action defined by pwdLockout is taken. Any successful bind operation resets the count.

    Active Directory
    This attribute specifies the number of times the user tried to log on to the account by using an incorrect password. A value of 0 indicates that the value is unknown.

    cn: Bad-Pwd-Count
    ldapDisplayName: badPwdCount
    attributeId: 1.2.840.113556.1.4.12
    attributeSyntax: 2.5.5.9
    omSyntax: 2
    isSingleValued: TRUE
    schemaIdGuid: bf96792e-0de6-11d0-a285-00aa003049e2
    systemOnly: TRUE
    searchFlags: 0
    attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
    systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED

    This feature wouldn't be supported for 'Generic ldap' servers.

  • Status changed to Active 6 months ago
  • United Arab Emirates leslie.cordell Dubai

    I added a small hook for this one; it adds a new hook that's invoked in the login authenticate validate hook inside of the ldap_authentication.module file.

    It's working for the purposes we have for it, so I've added it in case anyone finds this useful.
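As an added example (not the ldap module's own code, and not the hook leslie.cordell attached), a hypothetical custom module `ldap_flood` that applies Drupal core's flood service and the existing `user.flood` thresholds to the LDAP login path, so the Drupal side counts failures even when the directory server itself has no lockout policy. It assumes ldap_authentication leaves the other `#validate` handlers on `user_login_form` in place and that a successful authentication stores `uid` in the form state, as core's login form does.

```php
<?php
// Hypothetical custom module "ldap_flood" (added example, not the ldap module's
// own code). It applies Drupal core's flood service and the user.flood thresholds
// to LDAP logins, which otherwise skip the counters core keeps for local passwords.

use Drupal\Core\Form\FormStateInterface;

// Implements hook_form_FORM_ID_alter() for user_login_form.
function ldap_flood_form_user_login_form_alter(array &$form, FormStateInterface $form_state) {
  // Check first, so a flooded client never reaches the directory server;
  // record last, after ldap_authentication has decided the outcome.
  array_unshift($form['#validate'], 'ldap_flood_check');
  $form['#validate'][] = 'ldap_flood_record';
}

// Per-account identifier built the same way core does (IP-name, or name only).
function ldap_flood_identifier(FormStateInterface $form_state) {
  $name = (string) $form_state->getValue('name');
  $uid_only = \Drupal::config('user.flood')->get('uid_only');
  return $uid_only ? $name : \Drupal::request()->getClientIp() . '-' . $name;
}

// Rejects the attempt when the client IP or the account is over its limit.
function ldap_flood_check(array &$form, FormStateInterface $form_state) {
  $flood = \Drupal::flood();
  $config = \Drupal::config('user.flood');
  if (!$flood->isAllowed('ldap_flood.ip', $config->get('ip_limit'), $config->get('ip_window'))) {
    $form_state->setErrorByName('name', t('Too many failed login attempts from your IP address. Try again later.'));
    return;
  }
  $id = ldap_flood_identifier($form_state);
  if (!$flood->isAllowed('ldap_flood.user', $config->get('user_limit'), $config->get('user_window'), $id)) {
    $form_state->setErrorByName('name', t('Too many failed login attempts for this account. Try again later.'));
  }
}

// Registers a failure, or clears the per-account counter on success. Assumes a
// successful authentication left 'uid' in the form state, as core's login form does.
function ldap_flood_record(array &$form, FormStateInterface $form_state) {
  $flood = \Drupal::flood();
  $config = \Drupal::config('user.flood');
  $id = ldap_flood_identifier($form_state);
  if ($form_state->get('uid')) {
    $flood->clear('ldap_flood.user', $id);
    return;
  }
  $flood->register('ldap_flood.ip', $config->get('ip_window'));
  $flood->register('ldap_flood.user', $config->get('user_window'), $id);
}
```

The thresholds come from the same `user.flood` settings (`ip_limit`, `ip_window`, `user_limit`, `user_window`, `uid_only`) that govern core password logins, so no separate configuration is needed; the directory-side attributes discussed above (`pwdMaxFailure`, `badPwdCount`) remain a second, independent line of defence.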
