Debian 12 (no docker),Seafile 11 LDAP no users freeze, and no users ip for fail2ban

hello
i have problems, on a new seafile 11 on debian 12.
first, the “Freeze option” not work for a LDAP account.
and i cannot use fail2ban, because, even if some users are only local, in seahub.log i see only auth error, without the users ip.
help? :slight_smile:

for exemple:
the first 4 lines are for a local user, and the next 4 for a ldap user.

Blockquote
2024-12-19 13:23:14,765 [ERROR] seahub.base.accounts:1004 authenticate ldap user 35255ff28824452086621b35a8a67e78@auth.local not found.
2024-12-19 13:23:28,318 [ERROR] seahub.base.accounts:1004 authenticate ldap user 35255ff28824452086621b35a8a67e78@auth.local not found.
2024-12-19 13:23:32,294 [ERROR] seahub.base.accounts:1004 authenticate ldap user 35255ff28824452086621b35a8a67e78@auth.local not found.
2024-12-19 13:23:36,157 [ERROR] seahub.base.accounts:1004 authenticate ldap user 35255ff28824452086621b35a8a67e78@auth.local not found.
2024-12-19 13:37:56,747 [ERROR] seahub.base.accounts:1004 authenticate ldap bind failed: {‘msgtype’: 97, ‘msgid’: 1, ‘result’: 49, ‘desc’: ‘Invalid credentials’, ‘ctrls’: , ‘info’: ‘80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1’}
2024-12-19 13:38:02,089 [ERROR] seahub.base.accounts:1004 authenticate ldap bind failed: {‘msgtype’: 97, ‘msgid’: 1, ‘result’: 49, ‘desc’: ‘Invalid credentials’, ‘ctrls’: , ‘info’: ‘80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1’}
2024-12-19 13:38:09,857 [ERROR] seahub.base.accounts:1004 authenticate ldap bind failed: {‘msgtype’: 97, ‘msgid’: 1, ‘result’: 49, ‘desc’: ‘Invalid credentials’, ‘ctrls’: , ‘info’: ‘80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1’}
2024-12-19 13:38:14,462 [ERROR] seahub.base.accounts:1004 authenticate ldap bind failed: {‘msgtype’: 97, ‘msgid’: 1, ‘result’: 49, ‘desc’: ‘Invalid credentials’, ‘ctrls’: , ‘info’: ‘80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1’}

ok sorry, in fact the freeze works, but the time before it happens is long…
I made 4 connection attempts in 15-20s without freezing the account, but a 5th connection a few minutes later worked.
and this time i have the user’s ip :
first is ldap account, last is local account

Blockquote
2024-12-19 13:46:09,775 [ERROR] seahub.base.accounts:1004 authenticate ldap bind failed: {‘msgtype’: 97, ‘msgid’: 1, ‘result’: 49, ‘desc’: ‘Invalid credentials’, ‘ctrls’: , ‘info’: ‘80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1’}
2024-12-19 13:46:09,780 [WARNING] seahub.auth.views:140 login Login attempt limit reached, try freeze the user, email/username: XXXXXX@XXXXXXXX.XXX, ip: 192.168.0.3, attemps: 5
2024-12-19 13:46:09,848 [WARNING] seahub.auth.views:151 login Login attempt limit reached, freeze the user email/username: XXXXXX@XXXXXXXX.XXX, ip: 192.168.0.3, attemps: 5
2024-12-19 13:46:44,002 [ERROR] seahub.base.accounts:1004 authenticate ldap user 35255ff28824452086621b35a8a67e78@auth.local not found.
2024-12-19 13:46:44,018 [WARNING] seahub.auth.views:140 login Login attempt limit reached, try freeze the user, email/username: XXXXXXXX@gmail.com, ip: 192.168.0.3, attemps: 6
2024-12-19 13:46:44,078 [WARNING] seahub.auth.views:151 login Login attempt limit reached, freeze the user email/username: XXXXXXXX@gmail.com, ip: 192.168.0.3, attemps: 6

ok, i’m definitively stupid :rofl:
freeze is not “slow”, it’s just because i’ve set “LOGIN_ATTEMPT_LIMIT” to 5…
just testing now, with limit set to 3, and freeze occurs immediately after 3 attempts :grinning:
so I only have one question left, is it possible to get the user’s ip every time they try to connect?
so that I can use fail2ban to block brute force attacks.
because if the ip only appears when the account is frozen, the problem is that it’s impossible to block attacks on a non-existent account with fail2ban.