我使用LDAP。 如果用户帐户被锁定，我试图登录该用户但密码错误，我会获取用户帐户被锁定的错误。

I am using ldap. If the user account is locked, and I tried to login with this user but with BAD password, I will get the error that the user account is locked.

有什么办法来控制authintication的顺序。我的意思是让检查的密码，然后用户的状态。

Is there any way to control the order of authintication . I mean to make it check for the password then the status of user.

感谢

推荐答案

我不想像你可以通过配置更改。如果在该帐户被锁定的情况下，所有的密码都是不好的。

I don't imagine you can change this by configuration. In any case if the account is locked, all passwords are bad.

您需要考虑是否要披露的帐户锁定的信息给用户，这是一个信息泄露的帐户存在，即攻击者可能能够利润，现在保存的用户名不变，只是想不同的密码，但LDAP服务器应避免的，或者保护自己。

You need to consider whether or not to disclose the account-locked information to the user, which is an information leakage that the account exists, which an attacker may be able to profit by, by now keeping the username constant and just trying different passwords, but the LDAP server should be protected against that, or protect itself.