[Date Prev][Date Next]
Re: Server side delay for bad passwords?
Dan White writes:
> I'm planning on allowing public access to my OpenLDAP server for
> address book access. I'm only planning to allow authenticated
> access, both via simple binds and SASL binds, not anonymously.
> But I'd like to enforce a server side delay of, for example, 5
Several seconds' delay? Your users would murder you. Except the ones
who didn't know LDAP already and just concluded that LDAP is crap.
> I understand that I could implement the password policy overlay
> to temporarily lockout an account once it's reached a certain
> number of bad password attempts, but I believe that only applies
> to simple (-x) binds. Is that correct?
Don't know, but the manpage doesn't mention "simple", only "bind".