mwarren@symas.com wrote:
We would like to make a new feature request for enhanced logging within the Password Policy Module. A customer has a need for logging of automated password lockouts which occur after a certain number of failed binds within a given time window. Pertinent info would include the DN of the locked-out user as well as the source IP of the failed attempt(s).
When running a consumer with slapo-accesslog (yes, not for delta-syncrepl) slapo-ppolicy's modifications are written to the accesslog-DB. I use it in a highly secure environment for seeing logins (slapo-lastbind) and login failures (but no failure lockout).
Having just a syslog entry in this case would probably be better regarding performance though. Maybe even an info message along with the BIND RESULT message would do.
Ciao, Michael.
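
Added example, not part of the original messages or of OpenLDAP's own code: a way to pull lockout events out of an accesslog database that records slapo-ppolicy's modifications, as described in the reply above. It assumes the accesslog entries have been exported as LDIF; the `cn=accesslog` suffix, the sample entries and the function names are constructed for illustration.

```python
from collections import defaultdict
# Constructed sample: accesslog entries exported as LDIF (not real log data).
SAMPLE_LDIF = """\
dn: reqStart=20240105101500.000001Z,cn=accesslog
objectClass: auditModify
reqDN: uid=alice,ou=people,dc=example,dc=com
reqMod: pwdFailureTime:+ 20240105101500Z

dn: reqStart=20240105101600.000001Z,cn=accesslog
objectClass: auditModify
reqDN: uid=bob,ou=people,dc=example,dc=com
reqMod: pwdFailureTime:+ 20240105101600Z

dn: reqStart=20240105101700.000001Z,cn=accesslog
objectClass: auditModify
reqDN: uid=alice,ou=people,dc=example,dc=com
reqMod: pwdFailureTime:+ 20240105101700Z
reqMod: pwdAccountLockedTime:= 20240105101700Z
"""

def parse_entries(ldif):
    """Split LDIF text into entries mapping attribute name -> list of values."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry, last = defaultdict(list), None
        for line in block.splitlines():
            if line.startswith(" ") and last:      # folded continuation line
                entry[last][-1] += line[1:]
            elif ": " in line:                     # base64 ("::") values are skipped
                last, value = line.split(": ", 1)
                entry[last].append(value)
        entries.append(entry)
    return entries

def lockout_events(ldif):
    """Return one record per pwdAccountLockedTime write, with the failures logged before it."""
    failures, lockouts = defaultdict(int), []
    for e in parse_entries(ldif):
        if "auditModify" not in e["objectClass"] or not e["reqDN"]:
            continue
        dn = e["reqDN"][0]
        for mod in e["reqMod"]:                    # reqMod format: "attr:op value"
            attr, _, rest = mod.partition(":")
            op, value = rest[:1], rest[1:].strip()
            if attr == "pwdFailureTime" and op in ("+", "-"):
                # "+" records a failed bind; "-" is treated here as a reset (simplification)
                failures[dn] = failures[dn] + 1 if op == "+" else 0
            elif attr == "pwdAccountLockedTime" and op in ("+", "=") and value:
                lockouts.append({"dn": dn, "locked_at": value, "failures_seen": failures[dn]})
    return lockouts
```

These entries carry the DN and timestamps but not the client address of the failed bind, which is the part of the request that accesslog alone does not cover.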