[OGo-Developer] Re: Automatically Lock an Account on Failed Logins
Sebastian Reitenbach
developer@opengroupware.org
Sat, 29 Sep 2007 13:48:42 +0200
Hi,
I moved this thread from the users to the developer list.
> > http://bugzilla.opengroupware.org/bugzilla/show_bug.cgi?id=1917
>
> > > > > It stores locked status in the isLocked attribute of
> > Person; "is_locked"
> > > > > in the "person" table. It looks like it tries to use the session
log
> > > > > to compute the failures.
> > > > ok, so when it is persistently locked via the is_locked column in
the
> > > > database, then the Admin has to reenable the account via the WebUI.
> > That's
> > > > fine for me. thanks.
> > > Yep, would be a good feature.
> > I think so too, I hope I'll find some time to take a look at the source
to
> > figure out what is going wrong there.
After some fiddling around with gdb, I changed the return value of the
method canNestTransactions in sope's PostgreSQL72Context.m from NO to YES,
see below, then everything was working fine. The account got locked when
trying too many times to login with the wrong password ;)
- (BOOL)canNestTransactions {
return YES;
}
This is called from sope EOAdaptorContext.m, which is called from
OGoContextManager.m
AFAIK the nested transaction got introduced in postgres 8.0, and 7.X is also
long time not supported anymore, so I doubt that it wouldn't harm to just
make that little change to sope's PostgreSQL72Context.m.
any thoughts on this?
kind regards
Sebastian