
The title should be self-explanatory but more in detail I'm looking for a way to protect the LDAP from LAN brute force attacks.

It would be fine to prevent password guessing by locking a password for a specified period of time after repeated authentication failures. It doesn't matter if this can be turned into a DoS.

Unfortunately I can't find a way to do this and the documents I've found are really confused.

damko
  • What LDAP server? What OS? This seems like something that is likely to be very closely tied to a specific implementation. For example, you could probably do something with fail2ban on a Linux system. Or maybe do some kind of rate-limiting with iptables. Your LDAP server may have built-in rate limiting features, or maybe not. – Zoredache Jan 16 '13 at 07:20
  • Sorry, my bad. Openldap on debian. @Zoredache thanks for the tip: I'll dig about fail2ban – damko Jan 16 '13 at 15:39
  • I found something interesting here. http://www.zytrax.com/books/ldap/ch6/ppolicy.html I'll do some tests and then I'll report something – damko Jan 18 '13 at 16:39

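As an added illustration, not part of the question or its comments: the lockout behaviour the question asks for is what the OpenLDAP ppolicy overlay (the zytrax page linked in the last comment) provides. The LDIF below shows it for the Debian cn=config layout. The database name `olcDatabase={1}mdb`, the suffix `dc=example,dc=com`, the policy DN and the module slot `cn=module{0}` are assumptions that have to be checked against the local server; the `pwd*` attribute names are the overlay's own.

```ldif
# Part A: server configuration, applied as root over ldapi with
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f ppolicy-config.ldif
# The ppolicy schema must already be loaded (on Debian:
#   ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif)

# 1) Load the overlay module (cn=module{0} assumed to exist already;
#    list with: ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config cn=module*)
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: ppolicy.la

# 2) Attach the overlay to the user database and point it at a default policy.
#    olcDatabase={1}mdb is an assumption; older Debian releases used {1}hdb.
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com

# Part B: the policy entry itself lives in the directory tree, so it is added
# as the directory admin:
#   ldapadd -x -D cn=admin,dc=example,dc=com -W -f ppolicy-policy.ldif

dn: ou=policies,dc=example,dc=com
changetype: add
objectClass: organizationalUnit
ou: policies

# 3) Lock an account after 5 failed binds within 300 s; the lock clears on its
#    own after 900 s (pwdLockoutDuration: 0 would mean "until an admin unlocks").
dn: cn=default,ou=policies,dc=example,dc=com
changetype: add
objectClass: person
objectClass: pwdPolicy
cn: default
sn: default
pwdAttribute: userPassword
pwdLockout: TRUE
pwdMaxFailure: 5
pwdFailureCountInterval: 300
pwdLockoutDuration: 900
```

Once this is in place the overlay records each failed bind in the operational attribute `pwdFailureTime` on the user's entry and sets `pwdAccountLockedTime` when the threshold is reached; both can be inspected with `ldapsearch ... -b 'uid=someone,...' pwdFailureTime pwdAccountLockedTime` bound as the admin, and deleting `pwdAccountLockedTime` unlocks the account early. Two caveats worth knowing: the overlay never applies to the `olcRootDN` bind, so the admin account still needs protection from elsewhere (fail2ban on slapd's log, or rate limiting as the first comment suggests), and a locked account keeps returning `invalidCredentials` to the client unless `olcPPolicyUseLockout: TRUE` is set, which is usually left off so that attackers are not told which accounts exist.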
0 Answers