I am trying to find a way to limit the number of failed login attempts that an IP address might try. I am using a LDAP server which I do not control, and I don’t want my gitlab install to spam it with numerous requests.
On a previous server hosting a wiki, I used fail2ban which checks failed logins in log files and bans (with iptables) the ip who fails more than 5 times to log-in.
It seems that failed log-in attemps are not logged here.
I found out that omnibus gitlab uses rack-attack to get the same kind of functionnality. But it does not seem to work with ldap. The only line in /etc/gitlab/gitlab.rb about rack-attack mentions basic auth only :
gitlab_rails[‘rack_attack_git_basic_auth’] = …
How can I limit the number of login attempts using ldap auth ?
Thanks for your help !