Hi Ray,

I am asking about a different concept. I am looking for a concept of passivator
where the connection pool gets blocked after a failed login attempt. If we use
more than one LDAP, during an unsuccessful login, bind will happen on both
simultaneously, which will result in account lock.
I have tried using the property poolpassivator=BIND if I'm using ldap type
as AUTHENTICATED.

Still, the account gets locked after 2 unsuccessful login attempts.


Thanks and regards.

On Wed, May 20, 2020 at 10:54 PM Ray Bon <r...@uvic.ca> wrote:

> Vikash,
>
> CAS login throttling is handled by these (and related settings), not LDAP
> settings:
>
> # Authentication Throttling
> #
> https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#authentication-throttling
> # default is by ip address only
> # enable following to use user name and ipaddress
> # cas.authn.throttle.usernameParameter=username
> # this is a rate of failed attempts: threshold / rangeSeconds
> cas.authn.throttle.failure.threshold=1
> cas.authn.throttle.failure.rangeSeconds=3
>
> In your log file, check what happens between cas and ldap:
>
>         <AsyncLogger name="org.ldaptive" level="${sys:ldap.log.level}" includeLocation="true" />
>
> Ray
>
>
> On Wed, 2020-05-20 at 19:19 +0530, Vikash Chandra Ansh wrote:
>
> I have tried all the possible ways, but could not find the conclusion.
> I have used the below properties.
>
> #${configurationKey}.ldapUrl=ldaps://ldap1.example.edu ldaps://ldap2.example.edu ldaps://ldap3.example.edu ldaps://ldap4.example.edu
> #${configurationKey}.bindDn=cn=Directory Manager,dc=example,dc=org
> #${configurationKey}.bindCredential=Password
>
> #${configurationKey}.poolPassivator=BIND
> #${configurationKey}.connectionStrategy=
> #${configurationKey}.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
> #${configurationKey}.connectTimeout=PT5S
>
> #${configurationKey}.minPoolSize=3
> #${configurationKey}.maxPoolSize=10
> #${configurationKey}.validateOnCheckout=true
> #${configurationKey}.validatePeriodically=true
> #${configurationKey}.validatePeriod=PT5M
> #${configurationKey}.validateTimeout=PT5S
> #${configurationKey}.failFast=true
> #${configurationKey}.idleTime=PT10M
> #${configurationKey}.prunePeriod=PT2H
> #${configurationKey}.blockWaitTime=PT3S
> #${configurationKey}.useSsl=true
> #${configurationKey}.useStartTls=false
> #${configurationKey}.responseTimeout=PT5S
> #${configurationKey}.allowMultipleDns=false
> #${configurationKey}.allowMultipleEntries=false
> #${configurationKey}.followReferrals=false
> #${configurationKey}.binaryAttributes=objectGUID,someOtherAttribute
>
>
> Kindly guide me what to do.
> Thanks and regards
>
> On Wed 13 May, 2020, 23:16 Ray Bon, <r...@uvic.ca> wrote:
>
> Vikash,
>
> See
> https://apereo.github.io/cas/6.1.x/installation/Configuring-Authentication-Throttling.html
> Also check your ldap settings/logs to see if the issue is there.
>
> Ray
>
> On Wed, 2020-05-13 at 16:15 +0530, Vikash Chandra Ansh wrote:
>
> Hi all,
>
> I am getting an unusual behaviour. Currently I am using four ldaps for
> authentication. Suppose a user has entered wrong credentials at
> once, the account is locked.
> Kindly help me to resolve this.
>
> I have added authentication type as authenticated.
>
>
> --
>
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/c0a72976877ab465b2668c242229f6d806733132.camel%40uvic.ca
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/c0a72976877ab465b2668c242229f6d806733132.camel%40uvic.ca?utm_medium=email&utm_source=footer>
> .
>
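
The throttle settings Ray quotes, modeled as an added example that is not part of the thread and not CAS's own code. It assumes the throttle compares the rate since the last recorded failure with threshold / rangeSeconds and keys on client IP, or IP plus username when usernameParameter is set; the class, function names and sample attempts are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class FailureRateThrottle:
    """Assumed model: block while failures arrive faster than threshold/rangeSeconds."""
    threshold: float = 1        # cas.authn.throttle.failure.threshold
    range_seconds: float = 3    # cas.authn.throttle.failure.rangeSeconds
    use_username: bool = False  # True models cas.authn.throttle.usernameParameter=username
    last_failure: dict = field(default_factory=dict)

    def _key(self, ip, username):
        return (ip, username) if self.use_username else (ip,)

    def record_failure(self, ip, username, now):
        self.last_failure[self._key(ip, username)] = now

    def is_throttled(self, ip, username, now):
        last = self.last_failure.get(self._key(ip, username))
        if last is None:
            return False
        elapsed = now - last
        if elapsed <= 0:
            return True  # same-instant retry: treat as an unbounded rate
        return (1.0 / elapsed) > (self.threshold / self.range_seconds)


def replay(throttle, attempts):
    """attempts: (time_s, ip, username, password_ok) tuples, in time order."""
    outcomes = []
    for now, ip, user, password_ok in attempts:
        if throttle.is_throttled(ip, user, now):
            outcomes.append("throttled")  # rejected before any LDAP bind
        elif password_ok:
            outcomes.append("success")
        else:
            throttle.record_failure(ip, user, now)
            outcomes.append("failed")     # this attempt did reach the directory
    return outcomes


def binds_sent(outcomes):
    """Attempts that got past the throttle and were tried against LDAP."""
    return sum(1 for o in outcomes if o != "throttled")


# Constructed sample: one client IP, two usernames, times in seconds.
ATTEMPTS = [(0, "203.0.113.5", "alice", False), (1, "203.0.113.5", "bob", False),
            (2, "203.0.113.5", "alice", False), (10, "203.0.113.5", "alice", True)]

if __name__ == "__main__":
    for by_user in (False, True):
        result = replay(FailureRateThrottle(use_username=by_user), ATTEMPTS)
        print(by_user, result, "binds:", binds_sent(result))
```

The model only limits how quickly attempts reach the directory; what happens on each bind is visible in the org.ldaptive log Ray points to.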
