[debian "buster" // dovecot-core 2.3.4.1-5+deb10u3 // roundcube 1.4.8+dfsg.1-1~bpo10+1 from buster-backports]
Dovecot is setup to authenticate against the local Active Directory which is configured to lock an account after five authentication failures.
Issue:
When someone tries to login into roundcube with a wrong password then roundcube doesn't come back for a while and after that the AD account is locked.
So I sniffed the IMAP connection and after hitting "Login" and while the login screen says "loading" I see more than five IMAP login attempts:
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.
A0001 AUTHENTICATE PLAIN ##########
A0001 NO [AUTHENTICATIONFAILED] Authentication failed.
[...]
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.
A0006 AUTHENTICATE PLAIN ##########
A0006 NO [AUTHENTICATIONFAILED] Authentication failed.
[...]
Maybe it's me and the way I'm searching but I don't find anything related to this issue. Where can I adjust the authentication behaviour of roundcube, especially if a wrong Password is typed in?
thanks
Lars