LDAP Authentication with ppolicyLDAP Authentication with ppolicyhttps://liferay.dev/c/message_boards/find_thread?p_l_id=119785294&threadId=533379482026-05-05T15:37:38Z2026-05-05T15:37:38ZRE: LDAP Authentication with ppolicyTobias Liefkehttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=533445022015-05-04T12:54:04Z2015-05-04T12:54:04ZHi Andew,<br /><br />thanks for confirming that.<br /><br />I've created a bug report: <a href="https://issues.liferay.com/browse/LPS-55343">LPS-55343</a><br /><br />I know the Ext-Option, I'm always using it for creating patches of found bugs.<br /><br />I'm currently developing a hook for other LDAP specific modifications - unfortunately I can't change (extend) LDAPAuth in that hook, as it is from portal-impl.Tobias Liefke2015-05-04T12:54:04ZRE: LDAP Authentication with ppolicyAndrew Jardinehttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=533398322015-05-04T11:52:27Z2015-05-04T11:52:27ZHi Tobias,<br /><br />I can't see any settings to drive that -- you may have found a "bug". I looked at the logic (as you did) and see the same thing. It seems like there should be a check in the "loop over all servers to try to authenticate" that detects if the current server == preferred service, skip it. Two options, assuming it is a bug, that I can think of. Once not so great, you could increase the "max failed" value -- but that won't help if you DS is used by other applications (which it probably is). Alternatively, you could create an EXT plugin and patch the LDAPAuth class adding the logic mentioned above maybe?Andrew Jardine2015-05-04T11:52:27ZLDAP Authentication with ppolicyTobias Liefkehttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=533379472015-05-04T11:33:41Z2015-05-04T11:33:41ZI've got a problem with the LDAPAuth, when a password policy with "maximum failed login attempts" is used in the LDAP server.<br />Liferay always authenticates twice, if the user entered a wrong password. This leads to a locked useraccount after half of the allowed login attempts.<br /><br />Looking into the code: it always tries to "authenticateAgainstPreferredLDAPServer" with the LDAP Server ID of the User and if that fails it tries every configured LDAP server, which includes the preferred LDAP server.<br /><br />Do I miss something in the configuration?<br /><br />TobiasTobias Liefke2015-05-04T11:33:41Z