
I am using OpenDJ and have set return-bind-error-messages to true.

My code looks as follows:

    // Authenticate by binding to the directory as the user found by the uid search
    BindAuthenticator authenticator = new BindAuthenticator(contextSource);
    authenticator.setUserSearch(new FilterBasedLdapUserSearch(
            searchBase,
            new EqualsFilter("uid", username).encode(),
            contextSource));

    try {
        authenticator.authenticate(new UsernamePasswordAuthenticationToken(
                username,
                authentication.getCredentials(),
                authentication.getAuthorities()
        ));
    } catch (NameNotFoundException e) {
        // Search base or entry not found: record the failed attempt
        loginService.auditAuthentication(usernameWithDomainString, false, 0, userDetails.getRemoteAddress());
        return null;
    } catch (RuntimeException e) {
        // A locked-out account arrives here as BadCredentialsException
        throw e;
    }

e is of type org.springframework.security.authentication.BadCredentialsException: Bad credentials when the user has been locked out.

Also I get the following in the LDAP log:

    "[17/Sep/2013:15:44:13 -0400] BIND RES conn=106 op=0 msgID=1 result=49 message="Rejecting a bind request for user uid=doctor.uno,ou=people,dc=example,dc=com because the account has been locked due to too many failed authentication attempts" etime=1"

How do I get the information that a failed login attempt was due to a lockout with Spring?

1 Answer


With OpenDJ, you would need to send the Password Policy control with the bind operation to get details on why a bind fails. I don't know whether Spring has support for the control or not.

Ludovic Poitou
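The Password Policy control mentioned in the answer, shown at the plain JNDI level as an added example (not code from the question, the answer, or OpenDJ): it attaches the control to the bind and decodes the error field of the response control. The class and method names are hypothetical, the sample bytes are constructed, and it assumes the server accepts an initial anonymous connection and returns a short-form BER value.

```java
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.*;
import java.util.Hashtable;

public class PpolicyBind { // hypothetical name, not part of Spring or OpenDJ
    // Password Policy control OID (draft-behera-ldap-password-policy); request and response share it
    static final String PPOLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1";
    static final String[] ERRORS = { "passwordExpired", "accountLocked", "changeAfterReset",
        "passwordModNotAllowed", "mustSupplyOldPassword", "insufficientPasswordQuality",
        "passwordTooShort", "passwordTooYoung", "passwordInHistory" };
    // Value layout: SEQUENCE { warning [0] CHOICE OPTIONAL, error [1] ENUMERATED OPTIONAL }
    // Returns the error name, or null when the value carries no error field.
    static String decodeError(byte[] ber) {
        if (ber == null || ber.length < 2 || ber[0] != 0x30) return null;
        int i = 2, end = Math.min(ber.length, 2 + (ber[1] & 0xff)); // short-form lengths only
        while (i + 1 < end) {
            int tag = ber[i] & 0xff, len = ber[i + 1] & 0xff;
            if (tag == 0x81 && len == 1 && i + 2 < end) { // context tag [1]: error
                int code = ber[i + 2] & 0xff;
                return code < ERRORS.length ? ERRORS[code] : "unknown(" + code + ")";
            }
            i += 2 + len; // skip the warning element
        }
        return null;
    }
    // Returns null when the bind succeeds, otherwise the policy error name or "unspecified".
    static String bind(String url, String dn, String password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        LdapContext ctx = new InitialLdapContext(env, null); // anonymous first, so ctx outlives a failed bind
        try {
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            ctx.reconnect(new Control[] { new BasicControl(PPOLICY_OID) }); // bind with the control attached
            return null;
        } catch (javax.naming.AuthenticationException e) { // LDAP result=49
            Control[] rc = ctx.getResponseControls();
            String err = null;
            if (rc != null) for (Control c : rc)
                if (PPOLICY_OID.equals(c.getID())) err = decodeError(c.getEncodedValue());
            return err != null ? err : "unspecified";
        } finally { ctx.close(); }
    }
    public static void main(String[] args) {
        byte[] sample = { 0x30, 0x03, (byte) 0x81, 0x01, 0x01 }; // constructed: SEQUENCE { [1] 1 }
        System.out.println(decodeError(sample));
    }
}
```

Spring Security's `org.springframework.security.ldap.ppolicy` package (`PasswordPolicyAwareContextSource`) attaches the same control to binds made through the context source.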