2012/1/12 Shannon <[email protected]>: > I think I may be missing something, but in AD mode which means you > have to define a manager to change the password - I think that means > you can endlessly try to change someones password. > > So, from a hacking point, if I can get to the web page, I can try to > change a users password without ever locking out permanently. > > Is there a setting I can invoke to only allow a limited number of > attempts or can we force a lockout (without reset) on a user in > manager mode? Or better yet - do we see support for the user to make > the change coming or is that a design issue in AD?
The design issue is from PHP LDAP (and a little from AD). I have no solution yet. Clément. _______________________________________________ ltb-users mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-users
