Re: [ldapext] password policy: delayed failures
On Jul 1, 2010, at 6:47 AM, Kurt Zeilenga wrote:
>
> On Jul 1, 2010, at 3:28 AM, Jim Willeke wrote:
>
>> Just a comment on our experiences with LDAP server delays on failed bind attempts.
>>
>> We have encountered issues with applications when there is a delay between failed attempts.
>> When there is a delay, the application is left waiting for a response from the server.
>>
>> This was the case with Novell's eDirectory for many years; there was a fixed delay, and due to this condition, Novell added a feature to make the delay adjustable.
>>
>> If the delay is 3 seconds and five people in a row fail their password, the application can only handle 5 people in 15 seconds, which is an eternity in our context.
>
> I noted this in my original comment and first followup, including providing two possible solutions. I favor adding an "authenticate" extended operation.
Another approach would be to use a yet-to-be-specified chaining operation to chain the Bind request.
-- Kurt
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www.ietf.org/mailman/listinfo/ldapext