Overview#
Intruder Lockout Check is a Policy Decision Point defined in Draft-behera-ldap-password-policy to determine when Intruder Detection is activated.A status of true indicating that an intruder has been detected is returned if ALL the following conditions are met:
- The PwdLockout attribute is TRUE.
- The number of values in the PwdFailureTime attribute that are younger than PwdFailureCountInterval is greater or equal to the PwdMaxFailure attribute.
Otherwise a status of false is returned.
While performing this check, values of PwdFailureTime that are old by more than PwdFailureCountInterval are purged and not counted.