Dan White writes:
I'm planning on allowing public access to my OpenLDAP server for address book access. I'm only planning to allow authenticated access, both via simple binds and SASL binds, not anonymously. (...) But I'd like to enforce a server side delay of, for example, 5 seconds.
Several seconds' delay? Your users would murder you. Except the ones who didn't know LDAP already and just concluded that LDAP is crap.
I understand that I could implement the password policy overlay to temporarily lockout an account once it's reached a certain number of bad password attempts, but I believe that only applies to simple (-x) binds. Is that correct?
Don't know, but the manpage doesn't mention "simple", only "bind".