Limit number of failed logins using LDAP for authentication
One of the largest customers has a security policy that requires the application to support Rack Attack for LDAP logins. The current Rack Attack setting seems to work only with basic authentication and not with LDAP, as the customer found when trying it and as described in this forum post.
This is currently blocking the deployment of GitLab for 6000+ users.
- Limit the number of failed authentication attempts via LDAP.
A note from @stanhu: I think we just need to use the Warden before_failure hook and detect whether this is a failed LDAP login, and then instrument the SessionsController with Rack Attack.
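
A sketch of the counting logic such a limit needs, added here as an example; it is not code from GitLab, Warden or Rack::Attack. `FailedLoginLimiter` and its methods are hypothetical names, state is kept in process memory, and the key is assumed to be the client IP: `record_failure` is what a failure callback would call, and `blocked?` is what the sessions endpoint would check before contacting the LDAP server.

```ruby
# Added illustration: FailedLoginLimiter and its methods are hypothetical names,
# not GitLab, Warden or Rack::Attack APIs. State lives in process memory only.
class FailedLoginLimiter
  def initialize(max_failures:, find_time:, ban_time:, clock: -> { Time.now.to_f })
    @max_failures = max_failures            # failures tolerated inside the window
    @find_time = find_time                  # sliding window length, seconds
    @ban_time = ban_time                    # ban length once the limit is hit, seconds
    @clock = clock                          # injectable so the logic can be tested
    @failures = Hash.new { |h, k| h[k] = [] } # key => timestamps of recent failures
    @banned_until = {}
  end

  # Count one failed login. Returns true when this failure triggers a ban.
  def record_failure(key, provider:)
    return false unless provider == :ldap   # assumption: other providers are limited elsewhere
    now = @clock.call
    recent = @failures[key]
    recent << now
    recent.reject! { |t| t <= now - @find_time } # drop failures older than the window
    return false if recent.size < @max_failures
    @banned_until[key] = now + @ban_time
    @failures.delete(key)
    true
  end

  # Check before the credentials are passed to the LDAP server.
  def blocked?(key)
    expiry = @banned_until[key]
    return false if expiry.nil?
    return true if @clock.call < expiry
    @banned_until.delete(key)               # ban has expired
    false
  end
end

# Constructed walk-through with a fake clock; 192.0.2.10 is a documentation address.
def demo_failed_ldap_logins
  now = 0.0
  limiter = FailedLoginLimiter.new(max_failures: 3, find_time: 60, ban_time: 300, clock: -> { now })
  ip = "192.0.2.10"
  results = {}
  2.times { limiter.record_failure(ip, provider: :ldap); now += 1 }
  results[:after_two] = limiter.blocked?(ip)
  limiter.record_failure(ip, provider: :ldap)
  results[:after_three] = limiter.blocked?(ip)
  now += 301
  results[:after_ban] = limiter.blocked?(ip)
  results
end
```

Keying on IP alone means users behind one NAT address share a counter; a multi-process deployment would also need the counters in a shared store rather than a Ruby hash.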