After updating to 11.0.5 experiencing slow logon (mobile apps not able to logon at all).
- disabled bruteforce in config.php (added: ‘auth.bruteforce.protection.enabled’ => false, ), restarted apache and server, no improvement
- cleared database table with bruteforce (oc_bruteforce_attempts) entries, fixed the issue. Lot’s of duplicate entries there.
- enabled bruteforce again (removed: ‘auth.bruteforce.protection.enabled’ => false, ), restarted apache and server.
- tested with apps and web, fast logon, no bruteforce entries in tables.
'winning’source used to sort/investigate the issue:
How is this possible to end up in ‘production’ built?
Ubuntu LTS 16.04, PHP7, REDIS, mysql.
Well bruteforce protection ended up in the production build to prevent brute force of user passwords. The reason why you were hit by this is most likely that your app had a wrong password and therefor logged in with wrong credentials and blocking you in the end.
'auth.bruteforce.protection.enabled' => false,
Starting with 12 that will also stop the delay:
Before that it only stops logging new attempts, so it would take 24h until you are back to full speed on login again.
Thanks, odd thing is that the passwords did not change in the process. And before the update the logon was ‘fast’, also for local authenticated users like the Admin (normal users require LDAP logon)".
Don’t like to fiddle in SQL databases on a production environment, config.php change OK, so good this will be resolved in future release (no need to manually delete table entries).
Anyway, all sorted now. Looking forward to the 12.x release on the ‘production’ channel.