Expired password and bruteforce detection

Reporting my experience: on an enterprice installation with LDAP login

We had to force the password expiration for security reason. This resulted in a lot of people trying to login on nextcloud with the old (to change) password before they realized to change password pressing CTRL+ALT+DEL on their windows clients. In the meantime our IP was banned and the browser returned a 500 gateway error. No logs anywhere. Very mad.

@LukasReschke @blizzz

When an IP is banned the worst that can happen is that authentication request takes more than one minute. The error 500 seems to be returned by a proxy on your side or caused by a server misconfiguration.

That said, when you consider running Nextcloud in an Enterprise Environment you may consider a support subscription.