We implemented the password policy overlay for the purpose of enabling automatic account lockouts after a certain number of failed binds during a certain time span. Testing shows it works as expected, however it does no logging no matter what loglevel I set.
Management would like to know how often automated lockouts are occurring, on which accounts, and where the connections are coming from (i.e., normal connection logging records the IP address).
Is there any way to make this happen without having to directly query the underlying database (do you have an example query for that?) or run a cron job every minute to search on an attribute (pwdAccountLockedTime) that rarely shows up in a user record (such a search maxes out CPU)?
If this is not possible currently, is there some way to make this an enhancement request for a future release?
Any suggestions appreciated.