Knowledge Doc: Intruder Detection counter in eDirectory



eDirectory (NetIQ eDirectory)

NetIQ eDirectory 8.7.3, 8.8, 9.x

The intruder detection feature can be applied at the OU level only; it cannot be configured on a per-user basis.

To explain this further, here is an example intruder detection configuration:
a. Detect Intruders: Checked
b. Number of invalid login attempts: 7 (default)
c. Invalid login count reset interval: 30 minutes (default)
d. Lock account after detection: Checked, Time: 15 minutes (default)

1. Unauthorized logins are allowed up to 7 times within 30 minutes (settings b and c).
The account will be locked if unauthorized logins are detected more than 8 times within 30 minutes.
For example, if you log in with an incorrect password 7 times within 30 minutes, the intruder detection counter will be set to 7.

2. Once the account is locked, it remains locked for 15 minutes (setting d).
This means that the user cannot log in for 15 minutes unless an administrator unlocks the account.
In this case, ConsoleOne/iManager shows that the account is locked.
The account can be unlocked via ConsoleOne/iManager.

3. 15 minutes after the account was locked, the lock is released.
However, this state is not visible in ConsoleOne/iManager.
If the password is correct, the user should be able to log in again after 15 minutes. The intruder detection counter should be 0 in this case.

The intruder detection counter is reset to 0 when the account is unlocked.
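
The timeline in steps 1 to 3 can be replayed with a small model. This is an added example, not NetIQ code: the class and function names are hypothetical, and it assumes that the lock triggers on the first failure beyond the allowed 7 and that the 30-minute reset interval runs from the first failed attempt.

```python
from dataclasses import dataclass
from typing import Optional

LIMIT, RESET_MIN, LOCK_MIN = 7, 30, 15   # settings b, c, d from the example

@dataclass
class Account:                            # hypothetical model, not an eDirectory API
    counter: int = 0                      # intruder detection counter
    window_start: Optional[float] = None  # minute of first failure in the window
    locked_until: Optional[float] = None  # minute at which the lock is released

    def unlock(self):
        # Administrator unlock or lock expiry: the counter goes back to 0.
        self.counter, self.window_start, self.locked_until = 0, None, None

    def _expire(self, now):
        if self.locked_until is not None:
            if now >= self.locked_until:  # step 3: released after LOCK_MIN
                self.unlock()
        elif self.window_start is not None and now - self.window_start >= RESET_MIN:
            # Setting c (assumed to run from the first failure): count restarts.
            self.counter, self.window_start = 0, None

    def login(self, now, password_ok):
        self._expire(now)
        if self.locked_until is not None:
            return "locked"               # step 2: refused even if password is right
        if password_ok:
            return "ok"                   # page does not say a success changes the counter
        if self.counter == 0:
            self.window_start = now
        self.counter += 1
        if self.counter > LIMIT:          # assumption: 8th failure triggers the lock
            self.locked_until = now + LOCK_MIN
            return "locked"
        return "failed"

def replay(events):
    """Replay (minute, password_ok) events; return (minute, result, counter)."""
    acct = Account()
    return [(t, acct.login(t, ok), acct.counter) for t, ok in events]

# Constructed timeline: 8 bad passwords, a good one during the lock, a good one after it.
LOCKOUT = [(m, False) for m in range(8)] + [(10, True), (22, True)]
# Constructed timeline: failures spread past the 30-minute reset interval.
SPREAD = [(0, False), (10, False), (20, False), (35, False)]

if __name__ == "__main__":
    for name, events in (("lockout", LOCKOUT), ("spread", SPREAD)):
        print(name, replay(events))
```
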
Legacy KM ID: Japanese KB 6735