
Updating AD information every time user submits wrong password when logging in

    • Type: Suggestion
    • Resolution: Timed out
    • Confluence EAR/WAR Version 2.4.2, Bea WebLogic Server 8.1.4, j2sdk1.4.2_08

      Our authentication has been integrated with our AD through osuser.xml. The problem is that even if there is functionality to lock up the password after five (5) wrong password entries in AD, Confluence doesn't update the information before the session has been restarted.

      If someone knows a confluence-administrators user name, the person can try to guess the password countless times without Confluence locking the account. Meaning that the badPwdCount attribute in AD increases every time the user pushes the Log In button, but after five wrong password entries the information about the password being locked doesn't go from AD to Confluence. The problem disappears when the session is restarted (meaning the browser session, not the server session).
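
      A simplified model of the behaviour reported above, added here as an illustration; it is not Confluence or osuser code and not part of the original report. It assumes the application caches an account's lock state per browser session, and `FakeDirectory`, `LoginGate`, `run_attempts`, the session ids and the `admin` account are all hypothetical names constructed for the example.

```python
from dataclasses import dataclass, field

LOCKOUT_THRESHOLD = 5  # from the report: AD locks after five wrong passwords


@dataclass
class FakeDirectory:
    """Constructed in-memory stand-in for AD; it only keeps the counter."""
    passwords: dict
    bad_pwd_count: dict = field(default_factory=dict)

    def is_locked(self, user):
        return self.bad_pwd_count.get(user, 0) >= LOCKOUT_THRESHOLD

    def password_matches(self, user, password):
        ok = self.passwords.get(user) == password
        self.bad_pwd_count[user] = 0 if ok else self.bad_pwd_count.get(user, 0) + 1
        return ok


class LoginGate:
    """Hypothetical application-side login check (assumed design, see lead-in)."""

    def __init__(self, directory, refresh_every_attempt):
        self.directory = directory
        self.refresh_every_attempt = refresh_every_attempt
        self._lock_seen = {}  # (session_id, user) -> lock state cached on first attempt

    def login(self, session_id, user, password):
        key = (session_id, user)
        # Weak variant: lock state is read once per browser session and reused.
        # Corrected variant: lock state is re-read from the directory every time.
        if self.refresh_every_attempt or key not in self._lock_seen:
            self._lock_seen[key] = self.directory.is_locked(user)
        if self._lock_seen[key]:
            return "LOCKED"
        return "OK" if self.directory.password_matches(user, password) else "BAD_PASSWORD"


def run_attempts(refresh_every_attempt, wrong_attempts=8):
    """Replay wrong passwords in one browser session, then one in a new session."""
    directory = FakeDirectory({"admin": "constructed-sample-password"})
    gate = LoginGate(directory, refresh_every_attempt)
    same = [gate.login("s1", "admin", f"guess{i}") for i in range(wrong_attempts)]
    new_session = gate.login("s2", "admin", "guess-new")
    return same, new_session, directory.bad_pwd_count["admin"]
```

      With the cached variant the counter keeps climbing past five while the same session is never told the account is locked; re-reading the lock state on every attempt stops evaluation at the threshold.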

            [CONFSERVER-8574] Updating AD information every time user submits wrong password when logging in


              barconati BillA
              9b8f9002b2d8 Petteri Parkkila
              Votes: 3
              Watchers: 2
