It would be great if you could detail the exact use case where the intruder lockout happens in both the directories simultaneously. SSPR usually searches for the CN across multiple LDAPs as per the configuration and goes for the authentication with the first match. Prompting the user for clearing the intruder lockout happens only with that LDAP. More details about the user scenario will help us to evaluate the idea further.
Like many larger enterprises, our company has both eDirectory and Active Directory. Employee accounts exist in both with the same CN.
When Intruder lockout occurs for a variety of reasons, it might happen just within their eDir account, just their AD account, or both.
Our SSPR just happens to be integrated with eDir LDAP. When going through SSPR's Forgotten Password module, a user is only prompted to clear intruder lockout if eDir itself has an intruder lockout set -- otherwise, if only their AD account is locked, SSPR only offers to reset the user's password.
Would be a huge improvement if SSPR allowed defining "secondary LDAP" sources with the sole purpose of simultaneously checking for and clearing Intruder Lockout across any of them, if they likewise contain a CN match.