Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-8574

Updating AD information every time user submits wrong password when logging in

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Timed out
    • None
    • None
    • Confluence EAR/WAR Version 2.4.2, Bea WebLogic Server 8.1.4, j2sdk1.4.2_08
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      Our authentication has been integrated with our AD trough osuser.xml. The problem is that even if there is functionality to lock up the password after five (5) wrong password entries in AD, Confluence doesn't update the information before the session has been restarted.

      If someone knows confluence-administrators user name, the person can try to guess the password countless times without Confluence lock the account. Meaning that the attribute in badPwdCount in AD increases every time user pushes the Log In button, but the after five wrong password entries the information about password being locked doesn't go from AD to Confluence. The problem disappears when session is restarted (meaning the browser session, not server session).

            [CONFSERVER-8574] Updating AD information every time user submits wrong password when logging in

            Sen made changes -
            Workflow Original: JAC Suggestion Workflow 4 [ 3571842 ] New: JAC Suggestion Workflow 3 [ 4334657 ]
            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow 2 [ 3174783 ] New: JAC Suggestion Workflow 4 [ 3571842 ]
            Status Original: RESOLVED [ 5 ] New: Closed [ 6 ]
            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3031599 ] New: JAC Suggestion Workflow 2 [ 3174783 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing v4 [ 2535249 ] New: JAC Suggestion Workflow [ 3031599 ]
            Rachel Lin (Inactive) made changes -
            Workflow Original: Confluence Workflow - Public Facing v3 [ 2297667 ] New: Confluence Workflow - Public Facing v4 [ 2535249 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing v3 - TEMP [ 2193463 ] New: Confluence Workflow - Public Facing v3 [ 2297667 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing v3 [ 1913800 ] New: Confluence Workflow - Public Facing v3 - TEMP [ 2193463 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing v2 [ 1754909 ] New: Confluence Workflow - Public Facing v3 [ 1913800 ]
            jonah (Inactive) made changes -
            Description Original: Our authentication has been integrated with our AD trough osuser.xml. The problem is that even if there is functionality to lock up the password after five (5) wrong password entries in AD, Confluence doesn't update the information before the session has been restarted.

            If someone knows confluence-administrators user name, the person can try to guess the password countless times without Confluence lock the account. Meaning that the attribute in badPwdCount in AD increases every time user pushes the Log In button, but the after five wrong password entries the information about password being locked doesn't go from AD to Confluence. The problem disappears when session is restarted (meaning the browser session, not server session).             		New: {panel:bgColor=#e7f4fa}
              *NOTE:* This suggestion is for *Confluence Server*. Using *Confluence Cloud*? [See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-8574].
              {panel}

            Our authentication has been integrated with our AD trough osuser.xml. The problem is that even if there is functionality to lock up the password after five (5) wrong password entries in AD, Confluence doesn't update the information before the session has been restarted.

            If someone knows confluence-administrators user name, the person can try to guess the password countless times without Confluence lock the account. Meaning that the attribute in badPwdCount in AD increases every time user pushes the Log In button, but the after five wrong password entries the information about password being locked doesn't go from AD to Confluence. The problem disappears when session is restarted (meaning the browser session, not server session).
            jonah (Inactive) made changes -
            Link New: This issue relates to CONFCLOUD-8574 [ CONFCLOUD-8574 ]

              barconati BillA
              9b8f9002b2d8 Petteri Parkkila
              Votes:
              3 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: