BruteForceProtection plugin is not preventing authentications on backend
I tested BruteForceProtection plugin today, I just enabled the plugin without any other parameter:
lemonldap-ng-cli set bruteForceProtection 1
It works well, but I noticed that the plugin is called after authentication, which means it does not block requests on authentication backend even is account is "locked". I would expect that the plugin detects that the account is locked before calling the authentication backend.
What do you think?