Well, with that I can use fail2ban to ban by IP, which isn't my preferred option but it would do the job. I just wanted to see if there was an easy way to implement an alternative.
Let me show you how to modify iRedAdmin source code to achieve your goal. You didn't mention iRedAdmin-Pro, so i guess you're running iRedAdmin open source edition.
- Open file controllers/mysql/basic.py, find below line:
class Login:
…
def POST(self):
…
else:
session['failedTimes'] += 1
web.logger(msg="Login failed.", admin=username, event='login', loglevel='error',)
raise web.seeother('/login?msg=%s' % web.urlquote(auth_result[1]))You can see the last line "raise …", just append username in it, modified line is:
raise web.seeother('/login?msg=%s&username=%s' % (web.urlquote(auth_result[1]), username))
By the way, it works for both iRedAdmin open source edition and iRedAdmin-Pro, for all backends.
On a related note, is there a way to restrict logins by global admins? I only want global admins to be able to login from a couple of IPs.
*) Why just global admins? How about don't mark mail user as domain admin, then you have only global admins.
*) To restrict IP address, control with Apache instead. Something like this:
Order deny,allow
Deny from all
Allow from xx.xx.xx.xx