Full_Name: Mark Warren Version: 2.4.x OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (72.35.133.119) Greetings, We would like make a new feature request for enhanced logging within the Password Policy Module. A customer has a need for logging of automated password lockouts which occur after a certain number of failed binds within a given time window. Pertinent info would include the DN of the locked out user as well as the source IP of the failed attempt(s). Best Regards, Mark
mwarren@symas.com wrote: > We would like make a new feature request for enhanced logging within the > Password Policy Module. A customer has a need for logging of automated password > lockouts which occur after a certain number of failed binds within a given time > window. Pertinent info would include the DN of the locked out user as well as > the source IP of the failed attempt(s). When running a consumer with slapo-accesslog (yes, not for delta-syncrepl) slapo-ppolicy's modifications are written to the accesslog-DB. I use it in a highly secure environment for seeing logins (slapo-lastbind) and login failures (but no failure lockout). Having just a syslog entry in this case would probably better regarding performance though. Maybe even a info message along with the BIND RESULT message would do. Ciao, Michael.
moved from Incoming to Software Enhancements