[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8024) Password Policy Logging Enhancement

mwarren@symas.com wrote:
> We would like make a new feature request for enhanced logging within the
> Password Policy Module. A customer has a need for logging of automated password
> lockouts which occur after a certain number of failed binds within a given time
> window. Pertinent info would include the DN of the locked out user as well as
> the source IP of the failed attempt(s).

When running a consumer with slapo-accesslog (yes, not for delta-syncrepl)
slapo-ppolicy's modifications are written to the accesslog-DB. I use it in a
highly secure environment for seeing logins (slapo-lastbind) and login
failures (but no failure lockout).

Having just a syslog entry in this case would probably better regarding
performance though. Maybe even a info message along with the BIND RESULT
message would do.

Ciao, Michael.