Limit number of failed logins using LDAP for authentication
Description
One of the largest customers has a security policy that requires the application to support Rack Attack for LDAP. The current Rack Attack setting seems to only work with basic authentication, not LDAP, as tried by the customer and described in this forum post.
This is currently blocking the deployment of GitLab for 6000+ users.
/cc @malessio @stanhu @jeremy_
Proposal
- Limit the number of failed authentication attempts via LDAP.
A note from @stanhu: I think we just need to use the Warden before_failure hook and detect whether this is a failed LDAP login, and then instrument the SessionsController with Rack Attack.
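As an added example (not GitLab's code and not part of this issue), the following self-contained Ruby model shows the shape of the approach in the note above: a Warden-style before_failure callback records each failed LDAP login keyed by client IP and attempted username, a fixed-window counter modelled on Rack::Attack's throttle bookkeeping tallies them, and a small Rack middleware refuses further sign-in attempts with 429 once the limit is reached. Everything here is assumed or constructed: the in-memory Hash stands in for Rack::Attack's cache store, the Rack env is hand-built, the names FailedLoginThrottle, LdapLoginGate, on_auth_failure and simulate_ldap_login_attempts are hypothetical, and the strategy that failed is passed in as a parameter because how to look it up from Warden (its before_failure callbacks receive env and opts) is an assumption to be checked against the app.

```ruby
# Fixed-window counter modelled on Rack::Attack's throttle bookkeeping:
# one bucket per period per discriminator. The Hash stands in for
# Rack::Attack.cache.store; the injectable clock keeps it testable.
class FailedLoginThrottle
  attr_reader :limit, :period

  def initialize(limit:, period:, clock: -> { Time.now.to_i })
    @limit = limit
    @period = period
    @clock = clock
    @store = Hash.new(0)
  end

  # Count one failed attempt; returns the count in the current window.
  def record(discriminator)
    @store[bucket(discriminator)] += 1
  end

  def count(discriminator)
    @store[bucket(discriminator)]
  end

  def blocked?(discriminator)
    count(discriminator) >= @limit
  end

  private

  def bucket(discriminator)
    "failed_logins:#{@clock.call / @period}:#{discriminator}"
  end
end

# Discriminator: client IP plus the attempted username (lower-cased).
# Keying on both means one address cannot lock out every user, and a single
# username is not locked from everywhere after a few failures from one address.
def ldap_failure_discriminator(env)
  ip = env['REMOTE_ADDR']
  user = env.fetch('rack.request.form_hash', {}).fetch('username', '')
  "#{ip}/#{user.downcase}"
end

# Warden-style before_failure callback. Assumption: the caller has already
# worked out which strategy failed and passes its name as `strategy`; only
# LDAP failures are counted, so basic-auth or token failures do not feed in.
def on_auth_failure(throttle, env, strategy)
  return nil unless strategy == :ldap
  throttle.record(ldap_failure_discriminator(env))
end

# Rack-side gate, the role a Rack::Attack throttle/blocklist plays for the
# sign-in path: refuse with 429 once the window's failure count reaches the
# limit, otherwise pass the request through to the app.
class LdapLoginGate
  def initialize(app, throttle, path: '/users/sign_in')
    @app = app
    @throttle = throttle
    @path = path
  end

  def call(env)
    if env['REQUEST_METHOD'] == 'POST' && env['PATH_INFO'] == @path &&
       @throttle.blocked?(ldap_failure_discriminator(env))
      headers = { 'Content-Type' => 'text/plain', 'Retry-After' => @throttle.period.to_s }
      return [429, headers, ['Too many failed logins, retry later']]
    end
    @app.call(env)
  end
end

# Constructed simulation: an app that rejects every credential and fires the
# failure callback, as Warden would. Returns the HTTP status of each attempt.
def simulate_ldap_login_attempts(attempts:, limit: 3, period: 60)
  now = 1_700_000_000 # constructed fixed clock so all attempts share one window
  throttle = FailedLoginThrottle.new(limit: limit, period: period, clock: -> { now })
  failing_app = lambda do |env|
    on_auth_failure(throttle, env, :ldap)
    [401, { 'Content-Type' => 'text/plain' }, ['Invalid credentials']]
  end
  gate = LdapLoginGate.new(failing_app, throttle)
  env = {
    'REQUEST_METHOD' => 'POST', 'PATH_INFO' => '/users/sign_in',
    'REMOTE_ADDR' => '203.0.113.7', # constructed sample address
    'rack.request.form_hash' => { 'username' => 'alice', 'password' => 'wrong' }
  }
  Array.new(attempts) { gate.call(env).first }
end

puts simulate_ldap_login_attempts(attempts: 5).inspect if $PROGRAM_NAME == __FILE__
```

With a limit of 3, the first three attempts reach the app and fail with 401 while being counted, and the fourth and fifth are refused with 429 before any LDAP bind happens, which is the point of counting failures rather than all requests: successful logins never consume the budget. Once the fixed window rolls over the counter starts fresh. In a real Rails app the same split maps onto Rack::Attack's built-in Fail2Ban filter (which counts only the requests its block flags as failures) or onto a throttle whose counter the Warden hook feeds.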
Links / references
Edited by Jeremy Watson (ex-GitLab)