
Re: (ITS#8185) Clarification/enhancement request: purging stale pwdFailureTime attributes

subbarao@computer.org wrote:
> In the particular situation that's prompting this request, it's not just
> two or three values -- for one entry it was over 38000 values that had
> accumulated over time! (and generally high values for many other entries).

If you have entries with tens of thousands of Bind failures being recorded, 
you have a security monitoring problem. The limit applied by the patch for 
this ITS will only mask the problem. The fact that your security auditors 
haven't already noticed these tens of thousands of Bind failures and stopped 
them at their source means you've got a major vulnerability in your network 

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
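
Added example, not part of the original message or of OpenLDAP: one way to surface the accumulation discussed in this thread is to count pwdFailureTime values per entry in an LDIF export and report how many fall in a recent window. The sample LDIF, the function names, the threshold and the window are assumptions made for illustration.

```python
import base64
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like an LDIF export that includes pwdFailureTime.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
pwdFailureTime: 20150629235801Z
pwdFailureTime: 20150630000002.123456Z
pwdFailureTime: 20150630000003Z

dn: uid=bob,ou=people,dc=example,dc=com
pwdFailureTime: 20140101120000Z

dn: uid=service-with-a-long-name,ou=very-long-organizational-unit-name,dc=exa
 mple,dc=com
pwdFailureTime: 20150630000100Z
pwdFailureTime: 20150630000101Z
"""

def parse_time(value):
    """Parse GeneralizedTime as UTC, with or without fractional seconds."""
    fmt = "%Y%m%d%H%M%S.%fZ" if "." in value else "%Y%m%d%H%M%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def failure_times(ldif_text):
    """Return {dn: [datetime, ...]}; folded LDIF lines are unfolded first."""
    unfolded = ldif_text.replace("\n ", "")
    result, dn = defaultdict(list), None
    for line in unfolded.splitlines():
        if not line.strip():
            dn = None  # blank line ends the current entry
        elif line.startswith("dn:: "):
            dn = base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            dn = line[4:]
        elif dn and line.lower().startswith("pwdfailuretime: "):
            result[dn].append(parse_time(line.split(": ", 1)[1].strip()))
    return result

def report(ldif_text, now, min_total=2, window=timedelta(hours=1)):
    """(dn, total, recent) per entry with >= min_total values (assumed threshold)."""
    rows = [(dn, len(ts), sum(now - t <= window for t in ts))
            for dn, ts in failure_times(ldif_text).items() if len(ts) >= min_total]
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for row in report(SAMPLE_LDIF, datetime(2015, 6, 30, 0, 30, tzinfo=timezone.utc)):
        print(row)
```

A large total with few recent values points at stale accumulation, while a large recent count points at failures that are still arriving and need tracing to their source.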