Some LDAP Users cannot login

cancel
Showing results for 
Search instead for 
Did you mean: 
Active Member

Re: Some LDAP Users cannot login

Jump to solution

Solution:

In alfresco-global.properties


authentication.protection.enabled=false

So now the user can log in after unlocking in ad.

But so we think that the mitigating brute force attack on user passwords in Alfresco does not work correctly.

Mitigating brute force attack on user passwords | Alfresco Documentation 

Thanks and regards!

Member II

Re: Some LDAP Users cannot login

Jump to solution

The protection mechanism should be better described. For that I understand only the user should be blocked after 10 unsuccessful login attempts (authentication.protection.limit = 10), but there are no reports of non-authenticating users attempting to log in with the wrong password several times.

Customer

Re: Some LDAP Users cannot login

Jump to solution

Hi:

I think this is not for using audit tools like hydra in an evil way. But I think it may be problematic for the final user, when Alfresco is configured with a complex authentication chain with several user directory origins, and the user is failing several times the real password because he/she needs more coffee...

Regards.

--C.

Active Member II

Re: Some LDAP Users cannot login

Jump to solution

I have a similar problem and I think it has something to do with ldap-ad. When a user enters an incorrect password, their account gets locked on AD. When they are unlocked on AD, they are still locked on alfresco. The

authentication.protection.periodSeconds=6

settings seems to have no effect, as the account is locked until the alfresco service is restarted.

The solution of :

authentication.protection.enabled=false

works for me too