We are facing an issue in the Keycloak LDAP integration.
Issue: We integrated Keycloak with LDAP, and we have multiple health-check scripts that run concurrently over a period of time. As part of this, when there is an occasional LDAP connection timeout, the user gets locked by brute-force, considering 2 quick failures in a second with invalid credentials. Hence the scripts abort the run.
Question: Why don't Keycloak events differentiate ConnectionTimeOut errors, and is there any reason to treat them as login failures? Given the network delay expectations, Keycloak should be robust enough to handle them gracefully instead of treating them as LoginErrors.
File to refer to for the code: LDAPOperationManager.java → authenticate()
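
The distinction the question asks for, as an added example that is not part of the original post and is not Keycloak's code: a JNDI bind failure is classified by exception type, and only a genuine credential rejection counts toward lockout. The class name, `MAX_FAILURES`, the user name and the sample exceptions are hypothetical and constructed for illustration.

```java
import java.net.ConnectException;
import java.net.SocketTimeoutException;
import java.util.HashMap;
import java.util.Map;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;

public class LdapFailureClassifier {
    enum Outcome { INVALID_CREDENTIALS, DIRECTORY_UNAVAILABLE, OTHER_ERROR }

    static final int MAX_FAILURES = 2; // hypothetical lockout threshold
    private final Map<String, Integer> failures = new HashMap<>();

    // JNDI wraps socket errors in CommunicationException, so walk the cause chain
    // before deciding that the directory actually rejected the password.
    static Outcome classify(Throwable error) {
        for (Throwable t = error; t != null; t = t.getCause()) {
            if (t instanceof SocketTimeoutException || t instanceof ConnectException
                    || t instanceof CommunicationException
                    || t instanceof ServiceUnavailableException) {
                return Outcome.DIRECTORY_UNAVAILABLE;
            }
        }
        return error instanceof AuthenticationException
                ? Outcome.INVALID_CREDENTIALS : Outcome.OTHER_ERROR;
    }

    // Only a real credential rejection counts toward lockout; returns true when locked.
    boolean recordFailure(String user, Throwable error) {
        if (classify(error) != Outcome.INVALID_CREDENTIALS) {
            return failures.getOrDefault(user, 0) >= MAX_FAILURES;
        }
        return failures.merge(user, 1, Integer::sum) >= MAX_FAILURES;
    }

    public static void main(String[] args) {
        // Constructed sample errors, not captured from a real server.
        NamingException timeout = new CommunicationException("ldap.example.test:636");
        timeout.setRootCause(new SocketTimeoutException("connect timed out"));
        NamingException badPassword =
                new AuthenticationException("[LDAP: error code 49 - Invalid Credentials]");

        LdapFailureClassifier tracker = new LdapFailureClassifier();
        System.out.println(tracker.recordFailure("healthcheck", timeout));
        System.out.println(tracker.recordFailure("healthcheck", timeout));
        System.out.println(tracker.recordFailure("healthcheck", badPassword));
        System.out.println(tracker.recordFailure("healthcheck", badPassword));
    }
}
```

With these constructed inputs, the two timeouts leave the counter untouched and only the second rejected password reaches the threshold.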