[Date Prev][Date Next] [Chronological] [Thread] [Top]

Account Lockout

Hi All!

I am trying to figure out the best way to implement Account Lockout within
OpenLDAP. Specificly to mimic the functionality available in iPlanet.

The general scenario is that someone tries to authenticate and fails some
number of times. After the specific number of failures is reached they get
locked out for a period of time.

That time continues to get refreshed every time a failed authentication
occurs while the lockout is in effect. The end user has no idea that the
account is locked, versus just incorrect credentials.

My Question:
Where should I look to implement this feature within OpenLDAP? A module?
Inside the authenticaiton components?

Obviously I would like to do this at a single point to apply to all types
of authentication (current and future). Any guidence to help me in the
right direction would be appreciated! If there is any document that talks
about the structure of the code that may be all I would need to see (but I
can't find any architecture doc anywhere).