We implemented the password policy overlay for the purpose of enabling automatic account
lockouts after a certain number of failed binds during a certain time span. Testing shows
it works as expected; however, it does no logging no matter what loglevel I set.
Management would like to know how often automated lockouts are occurring, on which
accounts, and where the connections are coming from (i.e., normal connection logging
records the IP address).
Is there any way to make this happen without having to directly query the underlying
database (do you have an example query for that?) or run a cron job every minute to search
on an attribute (pwdAccountLockedTime) that rarely shows up in a user record (such a
search maxes out CPU)?
If this is not possible currently, is there some way to make this an enhancement request
for a future release?
Any suggestions appreciated.
Thanks.
David