When using several LDAP subsystems with the same principal, an LDAP bind request is made by Alfresco for each element of the chain, leading to a locked principal account.
How to reproduce?
1) build a 3.3.3
2) using JMX set the chain to
Each of the subsystems points to the same LDAP server with the same principal but on different branches
3) trigger a sync using JMX while running a network dump
A bind request with the wrong password is sent for each element.
If you have N elements with the same principal, we trigger N bind requests with a bad password for the same principal. If N>4, then AD by default locks the account, leading to a sync failure.
No account is locked.
Could we come up with a more clever way of testing LDAP connectivity?
E.g. if we already tested against the same LDAP server with the same principal, why retest it within a fraction of a second?
The wrong password is sent in file:
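
The de-duplication suggested in this report (do not re-test a server/principal pair that was tested a moment ago), as an added sketch: this is not Alfresco code and not the file referred to above. `ProbeGuard`, its method names, the 60-second window and the sample server and principal are assumptions, and the probe is a stand-in for the real wrong-password bind.

```java
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.BiPredicate;

// Added sketch, not Alfresco code: ProbeGuard and all names below are hypothetical.
public class ProbeGuard {
    private static final class Entry {
        final long at; final boolean rejected;
        Entry(long at, boolean rejected) { this.at = at; this.rejected = rejected; }
    }
    private final Map<String, Entry> seen = new ConcurrentHashMap<>();
    private final long ttlMillis;

    public ProbeGuard(long ttlMillis) { this.ttlMillis = ttlMillis; }

    // Normalise case and whitespace so every chain element using the same server and principal shares one entry.
    static String key(String url, String principal) {
        return url.trim().toLowerCase(Locale.ROOT) + "\n" + principal.trim().toLowerCase(Locale.ROOT);
    }

    // Runs the wrong-password probe at most once per (url, principal) per TTL window.
    // compute() is atomic per key, so subsystems starting concurrently do not double-probe.
    public boolean badPasswordRejected(String url, String principal, long now, BiPredicate<String, String> probe) {
        Entry e = seen.compute(key(url, principal),
            (k, old) -> (old != null && now - old.at < ttlMillis)
                ? old : new Entry(now, probe.test(url, principal)));
        return e.rejected;
    }

    public static void main(String[] args) {
        // Constructed sample: five chain elements, same server and principal, different branches.
        String url = "ldap://ad.example.test:389";
        String principal = "CN=alfresco-sync,OU=Service,DC=example,DC=test";
        String[] branches = {"OU=A", "OU=B", "OU=C", "OU=D", "OU=E"};
        AtomicInteger failedBinds = new AtomicInteger();
        // Stand-in for the real bind with a bad password; each call is one failed logon on the directory.
        BiPredicate<String, String> probe = (u, p) -> { failedBinds.incrementAndGet(); return true; };

        ProbeGuard guard = new ProbeGuard(60_000);
        long now = System.currentTimeMillis();
        for (String branch : branches) {
            boolean ok = guard.badPasswordRejected(url, principal, now, probe);
            System.out.println(branch + ": bad password rejected = " + ok);
        }
        System.out.println("failed binds sent: " + failedBinds.get() + ", chain elements: " + branches.length);
    }
}
```

The window only needs to cover one startup or sync pass; keeping it shorter than the directory's lockout counter reset interval still leaves the failed-logon count well under the threshold.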