[OGo-Users] Automatically Lock an Account on Failed Logins

Adam Tauno Williams users@opengroupware.org
Wed, 26 Sep 2007 06:12:06 -0400


> I took a look at this page:
> http://docs.opengroupware.org/Members/helge/Configurations/FailedLoginLock/view?searchterm=login
> and have a few questions:

This feature is documented in WMOGAG.
http://docs.opengroupware.org/Members/whitemice/wmogag/file_view

It also doesn't work.

Implemented in Logic/LSFoundation/OGoContextManager+FailedLogin.m

See Logic/LSFoundation/OGoContextManager+FailedLogin.m

> 1. Does the administrator have to unlock the account after ogo locked the 
> account, or is it unlocked automatically after MinutesBetweenFailedLogins?

I think it is locked persistently.

> 2. I assume there is a mail sent out to notify an Administrator about the 
> locked account, because of the FailedLoginLockInfoMailAddress Default. To 
> whom is mail sent, in case an account is locked?

Yep, a mail is sent to the administrator.

  if (LockInfoMail == nil) {
    LockInfoMail = [[ud objectForKey:@"FailedLoginLockInfoMailAddress"] copy];
    if (LockInfoMail == nil)
      LockInfoMail = @"root";
  }
.....
    [self failLogin_sendInfoMailInCommandContext:cmdCtx
          to:LockInfoMail
          from:[root valueForKey:@"email1"]
          account:_login
          numberOfFails:FailedCount
          timeRange:MinutesBetweenFailed];


> 3. Where does ogo store the failcount? I assume in memory and after a 
> restart the counters are reset to 0?

It stores locked status in the isLocked attribute of Person; "is_locked"
in the "person" table.   It looks like it tries to use the session log
to compute the failures.

-- 
          Consonance: an Open Source .NET OpenGroupware client.
  http://code.google.com/p/consonance/ - Searching for a bored Cairo# hacker.
   Contact:awilliam@whitemiceconsulting.com   http://www.opengroupware.org
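
Added example, not part of the original message and not OpenGroupware code: a small Python/SQLite model of the behaviour described in the reply, where the fail count is computed from a session log inside a time window, the lock is a persistent is_locked flag, and the notification address falls back to "root". Only is_locked, the person table and FailedLoginLockInfoMailAddress come from the thread; the session_log layout, the max_fails and window_minutes parameters and the sample account are assumptions made for the example.

```python
import sqlite3
from datetime import datetime, timedelta

def make_db():
    """In-memory stand-in. Only person.is_locked comes from the post;
    the session_log layout is constructed for this example."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE person (login TEXT PRIMARY KEY, is_locked INTEGER DEFAULT 0);
        CREATE TABLE session_log (login TEXT, action TEXT, log_date TEXT);
    """)
    return db

def attempt_login(db, login, password_ok, now, defaults=None,
                  max_fails=3, window_minutes=15):
    """Return (allowed, notify_address). notify_address is set only on the
    attempt that triggers the lock. max_fails/window_minutes are hypothetical."""
    row = db.execute("SELECT is_locked FROM person WHERE login = ?",
                     (login,)).fetchone()
    if row is None or row[0]:
        return (False, None)          # unknown or already locked: no auto-unlock
    action = "login" if password_ok else "login_failed"
    db.execute("INSERT INTO session_log VALUES (?, ?, ?)",
               (login, action, now.isoformat()))
    if password_ok:
        return (True, None)
    # The fail count is derived from the log, so it survives a restart.
    since = (now - timedelta(minutes=window_minutes)).isoformat()
    fails = db.execute(
        "SELECT COUNT(*) FROM session_log "
        "WHERE login = ? AND action = 'login_failed' AND log_date >= ?",
        (login, since)).fetchone()[0]
    if fails < max_fails:
        return (False, None)
    db.execute("UPDATE person SET is_locked = 1 WHERE login = ?", (login,))
    # Same fallback as the quoted snippet: an unset address means "root".
    address = (defaults or {}).get("FailedLoginLockInfoMailAddress") or "root"
    return (False, address)

def demo():
    db = make_db()
    db.execute("INSERT INTO person (login) VALUES ('alice')")  # constructed account
    t0 = datetime(2007, 9, 26, 6, 0)
    results = [attempt_login(db, "alice", False, t0 + timedelta(minutes=m))
               for m in (0, 20, 25, 30)]      # first failure ages out of the window
    results.append(attempt_login(db, "alice", True, t0 + timedelta(hours=2)))
    return results

if __name__ == "__main__":
    print(demo())
```

In the demo the fourth failure triggers the lock, and a correct password two hours later is still refused until an administrator clears is_locked.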