0

I'm writing an application that checks via the adLDAP library if the user is logged in.

But the problem is that when the user enters the wrong password, after the 4th time it will lock his account. Is there anything I can do about it? Or is this the way LDAP works?

Here is the code I'm using:

public static function checkLogin ($username, $password) {
    $ldap = new adLDAP();
    if ($ldap->authenticate($username, $password)) {
        return true;
    }
    return false;
}
Gabriel

2 Answers

0

It is neither adLDAP nor LDAP that is locking the account. Your network administrator has set up several rules in Windows Active Directory, one of which is to lock the account after 4 incorrect password attempts.

This is a security feature which can only be changed within ADUC (Active Directory Users and Computers).

MonkeyZeus
-1

I have never used LDAP, but I solve this problem as follows:

When loading the index of the site, I would create a $_SESSION['count'] to count how many attempts were made to log in. If at any time this number exceeds 4 attempts, I run an UPDATE on the database to lock the user's password.

See the example:

public static function checkLogin($username, $password) {
    // $this is not available inside a static method, so the lock check is called statically.
    if ($_SESSION['count'] >= 4 || self::UserLocked()) {
        return false; // User locked. Note that I also created a method to check whether the user is locked or not.
    } else {
        $ldap = new adLDAP();
        if ($ldap->authenticate($username, $password)) {
            return true;
        }

        // Count the failed attempt for this session.
        $_SESSION['count']++;

        return false;
    }
}
Ronald Araújo
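An added example, not code from either answer or from adLDAP: a throttle keyed on the username and kept on the server, which stops forwarding binds one failure before the 4-attempt Active Directory lockout mentioned above, so the application itself never triggers the lock. `BindThrottle`, `$fakeAd`, the limit of 3 and the 900-second window are assumptions; the in-memory array stands in for a shared store such as a database table, and the callable stands in for `$ldap->authenticate()`.

```php
<?php
// Added example; BindThrottle and $fakeAd are hypothetical names, not adLDAP API.
final class BindThrottle
{
    /** @var array<string, int[]> lowercased username => failure timestamps */
    private array $failures = [];

    public function __construct(
        private int $maxFailures = 3,     // assumed: one below the AD threshold of 4
        private int $windowSeconds = 900  // assumed counting window
    ) {}

    /** $bind stands in for $ldap->authenticate(); returns ok|bad_credentials|throttled */
    public function attempt(string $user, string $pass, callable $bind, ?int $now = null): string
    {
        $now ??= time();
        $key = strtolower(trim($user));   // AD logon names are case-insensitive
        // Keep only the failures that are still inside the window.
        $recent = array_values(array_filter(
            $this->failures[$key] ?? [],
            fn (int $t): bool => $t > $now - $this->windowSeconds
        ));
        $this->failures[$key] = $recent;
        if (count($recent) >= $this->maxFailures) {
            return 'throttled';           // no bind is sent, so AD's counter is untouched
        }
        if ($bind($user, $pass)) {
            unset($this->failures[$key]);
            return 'ok';
        }
        $this->failures[$key][] = $now;
        return 'bad_credentials';
    }
}

// Constructed demo: a fake directory that counts how many binds reach it.
$binds = 0;
$fakeAd = function (string $u, string $p) use (&$binds): bool {
    $binds++;
    return strtolower($u) === 'alice' && $p === 'correct-horse';
};
$throttle = new BindThrottle();
$t0 = 1700000000; // constructed timestamp
foreach (['a', 'b', 'c', 'd', 'correct-horse'] as $i => $guess) {
    echo $throttle->attempt('Alice', $guess, $fakeAd, $t0 + $i), "\n";
}
echo $throttle->attempt('alice', 'correct-horse', $fakeAd, $t0 + 901), "\n";
echo "binds sent to the directory: $binds\n";
```

While the throttle is active it also refuses the correct password, so it acts as a temporary lock that affects only this application and clears once the window has passed.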