[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8024) Password Policy Logging Enhancement

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8024) Password Policy Logging Enhancement
From: michael@stroeder.com
Date: Wed, 14 Jan 2015 21:23:15 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

mwarren@symas.com wrote:
> We would like make a new feature request for enhanced logging within the
> Password Policy Module. A customer has a need for logging of automated password
> lockouts which occur after a certain number of failed binds within a given time
> window. Pertinent info would include the DN of the locked out user as well as
> the source IP of the failed attempt(s).

When running a consumer with slapo-accesslog (yes, not for delta-syncrepl)
slapo-ppolicy's modifications are written to the accesslog-DB. I use it in a
highly secure environment for seeing logins (slapo-lastbind) and login
failures (but no failure lockout).

Having just a syslog entry in this case would probably better regarding
performance though. Maybe even a info message along with the BIND RESULT
message would do.

Ciao, Michael.

Prev by Date: (ITS#8024) Password Policy Logging Enhancement
Next by Date: (ITS#8025) OpenLDAP authorisation on a client causes policykit GUI features to fail
Index(es):
- Chronological
- Thread