LDAP - wrong password and immediate lock in AD


#1

Hi,
I’m using AD and my AD admin told me that 3 consecutive failed tries will lock me in the AD.
When I run a single “curl” command with a wrong password I can see 6 rows in the elastic log:

[error][t.b.r.a.d.l.u.unboundidauthenticationldapclient] ldap authenticate operation failed: ldaperr dsid-…

and I am immediately locked.

Why does one command try to run a couple of times?
Can I configure somewhere that one command will try to authenticate only once?

Thanks


(Simone Scarduzio) #2

@sdba2 This is a known issue: the LDAP connector only caches correct credentials.
Fortunately, this has a fix in the current master branch. Would you like to be the first one to test it? In that case please tell me the ES version you are using.
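
The effect described in the post above, as an added illustration that is not part of the original thread and is not ReadonlyREST's code: when only successful binds are cached, every credential check within one request reaches the directory, while caching failures for a short TTL reduces that to a single bind. `FakeDirectory`, `CachingAuthenticator`, `simulate_request`, the user and the passwords are constructed for this sketch, and the six checks per request are an assumption modelled on the six log rows in post #1.

```python
import hashlib, hmac, os, time

class FakeDirectory:
    """Constructed stand-in for AD: locks a user after `threshold` consecutive bad binds."""
    def __init__(self, users, threshold=3):
        self.users, self.threshold = users, threshold
        self.bad, self.binds = {}, 0

    def locked(self, user):
        return self.bad.get(user, 0) >= self.threshold

    def bind(self, user, password):
        self.binds += 1                      # every call here is a real LDAP bind
        if self.locked(user):
            return False
        if self.users.get(user) == password:
            self.bad[user] = 0
            return True
        self.bad[user] = self.bad.get(user, 0) + 1
        return False

class CachingAuthenticator:
    """Caches bind results for `ttl` seconds; failures only if cache_failures is set."""
    def __init__(self, bind, ttl=60.0, cache_failures=True, clock=time.monotonic):
        self._bind, self._ttl, self._clock = bind, ttl, clock
        self._cache_failures = cache_failures
        self._key = os.urandom(32)           # per-process key: no plaintext passwords cached
        self._cache = {}                     # HMAC(user, password) -> (result, expiry)

    def authenticate(self, user, password):
        msg = user.encode() + b"\0" + password.encode()
        k = hmac.new(self._key, msg, hashlib.sha256).digest()
        now = self._clock()
        hit = self._cache.get(k)
        if hit and hit[1] > now:
            return hit[0]                    # answered locally, directory not touched
        ok = self._bind(user, password)
        if ok or self._cache_failures:
            self._cache[k] = (ok, now + self._ttl)
        return ok

def simulate_request(cache_failures, checks=6):
    """One request with a wrong password, evaluated `checks` times (assumed count)."""
    directory = FakeDirectory({"alice": "correct-horse"})
    auth = CachingAuthenticator(directory.bind, cache_failures=cache_failures)
    for _ in range(checks):
        auth.authenticate("alice", "wrong-password")
    return directory.binds, directory.locked("alice")
```

`simulate_request(False)` returns `(6, True)` (six binds, account locked) and `simulate_request(True)` returns `(1, False)`. The cache key covers the user and password together, so retrying with a corrected password is a different key and still reaches the directory.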


#3

Yes
I’m using ES 6.1.1 and ROR 1.16.17


(Simone Scarduzio) #4

OK, try this please: https://readonlyrest-data.s3-eu-west-1.amazonaws.com/tmp/readonlyrest-1.16.18-pre1_es6.1.1.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEKIPNTOTIVGQ4EQ/20180319/eu-west-1/s3/aws4_request&X-Amz-Date=20180319T150225Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=3618cce5dd2cb8b429d3f22d220e58acb9ef98bc33815d8e3a974614f7b54404