Login attempts setting not working in 16.9

We updated our instance to 16.9 and I set the parameters like this:
https:///api/v4/application/settings?max_login_attempts=3&failed_login_attempts_unlock_period_in_minutes=60

Refering to: Locked users | GitLab

After testing, we see, that the default of 10 attempts and 10 Minutes is still active. So it seem, that the setting is not working in self-managed Tier.

Can anyone confirm this?

Regards

Mario

Hey
Did you do it using curl? Sorry if it’s a silly question, just checking the basics
curl --request PUT --header “PRIVATE-TOKEN: <your_access_token>” "https…

Sure, I can also see, that the parameters a set, when reading the parameters with HTTP GET: https:///api/v4/application/settings

Even though you tried to change the settings to limit login attempts, it seems like the default settings are still in place.

yes and this is the problem. The default is 10 and I reduced it to 3, but after three mislogins it is still not blocked.

Well, you should check if you put the new settings the right way in a special file called gitlab.rb. This file is important for managing your GitLab on your own. Changing settings isn’t just about using the API; you need to update this file, too.
After you change the gitlab.rb file, you have to run a special command, sudo gitlab-ctl reconfigure, on your server. This step makes sure GitLab knows about the changes you made.
Then, after you use the API to change settings, pay attention to the response it gives back. This response will tell you if your changes worked or if something went wrong.
If you’ve done all this and things still aren’t working right, you might need to restart GitLab. You do this with another command, sudo gitlab-ctl restart. Restarting can help make sure all your changes take effect.

ok, thanks for the information, I will check and test it

1 Like