if (username != null) {
            AccountAttempts account = accountAttempts.computeIfAbsent(username, k -> new AccountAttempts());
            account.recordFailure();

            if (account.getFailedAttempts() >= maxAttemptsPerAccount) {
                account.lockOut(lockoutDuration);
                totalAccountsLocked.incrementAndGet();

     * been resolved and it is not a domain SID or builtin account,
     * the full DOMAIN\name form of the account will be
     * returned (e.g. MYDOM\alice or MYDOM\Domain Users).
     * If the SID has been resolved but it is is a domain SID,
     * only the domain name will be returned (e.g. MYDOM).
     * If the SID has been resolved but it is a builtin account,
     * only the name component will be returned (e.g. SYSTEM).

     * Defines the root of the LDAP directory tree for user lookups.
     */
    @Size(max = 1000)
    public String ldapBaseDn;

    /**
     * LDAP filter for finding user accounts.
     * Defines the search filter used to locate user accounts in LDAP.
     */
    @Size(max = 1000)
    public String ldapAccountFilter;

    /**
     * LDAP filter for finding groups.

    /** Account control bit flag: Normal user account */
    public static final int ACB_NORMAL = 16;
    /** Account control bit flag: MNS logon user account */
    public static final int ACB_MNS = 32;
    /** Account control bit flag: Interdomain trust account */
    public static final int ACB_DOMTRUST = 64;
    /** Account control bit flag: Workstation trust account */
    public static final int ACB_WSTRUST = 128;

    /** Account control bit flag: Normal user account */
    public static final int ACB_NORMAL = 16;
    /** Account control bit flag: MNS logon user account */
    public static final int ACB_MNS = 32;
    /** Account control bit flag: Interdomain trust account */
    public static final int ACB_DOMTRUST = 64;
    /** Account control bit flag: Workstation trust account */
    public static final int ACB_WSTRUST = 128;

            "Logon failure: account logon time restriction violation.", "Logon failure: user not allowed to log on to this computer.",
            "Logon failure: the specified account password has expired.", "Logon failure: account currently disabled.",
            "No mapping between account names and security IDs was done.", "The security ID structure is invalid.",

            crawler.addUrl(url);
            crawler.crawlerContext.setMaxAccessCount(maxCount);
            crawler.crawlerContext.setNumOfThread(numOfThread);
            crawler.urlFilter.addInclude(url + ".*");
            final String sessionId = crawler.execute();
            assertEquals(maxCount, dataService.getCount(sessionId));
            dataService.delete(sessionId);
        } finally {

            "Logon failure: account logon time restriction violation.", "Logon failure: user not allowed to log on to this computer.",
            "Logon failure: the specified account password has expired.", "Logon failure: account currently disabled.",
            "No mapping between account names and security IDs was done.", "The security ID structure is invalid.",

        rateLimiter.recordFailure(username, ip);

        // After 3 failures, account should be locked
        try {
            rateLimiter.checkAttempt(username, ip);
            fail("Should throw SmbException for locked account");
        } catch (SmbException e) {
            assertTrue(e.getMessage().contains("locked out"), "Should indicate account lockout");
        }
    }

    @Test

            crawler.addUrl(url);
            crawler.crawlerContext.setMaxAccessCount(maxCount);
            crawler.crawlerContext.setNumOfThread(numOfThread);
            crawler.urlFilter.addInclude(url + ".*");
            final String sessionId = crawler.execute();
            assertEquals(maxCount, dataService.getCount(sessionId));
            dataService.delete(sessionId);
        } finally {