fix: updated ldap auth lockout to be like ua lockout

[akhilmhdh]

Context

This PR updates the ldap auth lockout to be like ua auth. This was causing ldap lockout to have timeout when multiple valid incoming request were coming. This would fix it. The lockout is only checked when the auth is in invalid state.

Screenshots

Steps to verify the change

1. Configure ldap identity auth
2. Test valid request it should work fine
3. Test multiple invalid request and if lockout is enabled it should stop it

Type

• Fix
• Feature
• Improvement
• Breaking
• Docs
• Chore

Checklist

• Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
• Tested locally
• Updated docs (if needed)
• Read the contributing guide

[maidul98]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[greptile-apps]

Greptile Summary

This PR fixes LDAP authentication lockout behavior by aligning it with the universal auth (UA) implementation pattern.

Key Changes:

• Moved lock acquisition from before auth attempt to after auth failure detection
• Lock is now only acquired when lockout is enabled and auth fails
• Successful auth attempts no longer compete for locks, eliminating timeout issues with valid requests
• Lockout state is checked early (before auth) to fail fast for already-locked accounts

Issues Found:

• Lock retry configuration differs from UA auth reference: uses infinite retries (retryCount: -1) instead of limited retries (retryCount: 3), which could cause auth requests to hang indefinitely

Confidence Score: 3/5

• This PR fixes a performance issue but introduces a potential hanging bug with infinite lock retries
• The refactoring correctly addresses the original problem (valid requests timing out) by following the UA auth pattern. However, the lock configuration deviates from the reference implementation with infinite retries instead of limited retries, which could cause auth requests to hang indefinitely under lock contention
• Pay attention to the lock acquisition parameters in backend/src/services/identity-ldap-auth/identity-ldap-auth-service.ts - the infinite retry configuration should be reviewed

Important Files Changed

Filename	Overview
backend/src/services/identity-ldap-auth/identity-ldap-auth-service.ts	Refactored lockout logic to only acquire lock on auth failure, preventing timeout on valid requests. Found inconsistency in lock retry configuration compared to UA auth.

_{Last reviewed commit: f2bf055}

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[scott-ray-wilson]

LGTM, verified valid requests don't trigger lock and desired lockout occurs if invalid credentials