Affects Version/s: 6.1.X EE, 6.2.0 CE RC2
Environment:Tomcat 7 + Oracle 11gR2. Portal 6.1.x EE GIT ID: 725a0a03a65b3011e18f6886ebb7ac2350ca32c1.
Tomcat 7 + Oracle 11gR2. Portal 6.2.x CE GIT ID: 5c2ebf7c4f9b5b1a2fbdf0c8b476cecb5b00ae2e.
1 - Start an LDAP (I used ApacheDS, but Microsoft AD is also good to test with; the point is that you should be able to track the number of failed logons)
2 - Set up LDAP connection in the portal-ext.properties (NOT the Control Panel!) - please see attached ldap.properties
3 - Try to log in with a user with an incorrect password
4 - In the LDAP, note that Liferay tried to authenticate the user multiple times, not only once!
- In AD, you can see this if you go to the User in question, right click -> Properties -> Attribute Editor -> BadPwdCount
- In ApacheDS, you will see as many pwdFailtureTime attribute(s) as the number of failed logons
- Attribute pwdFailtureTime should be looked up within that user object with which you tried to log in by using an incorrect password; ApacheDS creates this attribute implicitly
- For reproducing with ApacheDS, place remove directory APACHEDS_HOME/instances/default and restore my data from default.zip
- Example user I used during testing was: cn=dvader,ou=users,dc=support,dc=liferay,dc=com
- The issue isn't Oracle specific, you can use any RDBMS of your choice