Intruder Detection for LDAP
Articles and Tips: qna
01 Jun 2003
Q.
Does NDS/eDirectory have "intrusion detection" via LDAP; that is, will it block access to the account if someone tries more than three failed connections via LDAP? (This is a feature that I have taken for granted with the NetWare login for many years.)
LDAP'n Lindsey Luftfoot
A.
Dear LDAP'n: I know where you're coming from on this question--LDAP is just not as robust as other Novell API solutions. You know, you used to be right. However, Novell's work with bringing LDAP up to meet the enhanced functionality of NDS/eDirectory has been very successful.
So, to answer your question about Intruder Detection, if a user enters incorrect passwords, LDAP will return a -669 (incorrect login) error. If the user then tries to log in using the correct password (after intruder lockout has locked the account), LDAP will return error -197 (DSERR_LOGIN_LOCKOUT).
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.