ddnicholls1 Absent Member.
Absent Member.
188 views

Bind User behaviour


Hi everyone.

What is the expected behaviour of a bind user when querying for an
attribute on an account that is disabled, and also an account that is
intruder locked?

We are experiencing eDir sending an error when the bind account is
looking at a disabled user in the user store, but it doesn't seem to
care if a user is intruder locked, wondering if this is as designed.

Thanks


--
ddnicholls
------------------------------------------------------------------------
ddnicholls's Profile: https://forums.netiq.com/member.php?userid=5644
View this thread: https://forums.netiq.com/showthread.php?t=55438

Labels (1)
0 Likes
2 Replies
Knowledge Partner
Knowledge Partner

Re: Bind User behaviour

Binding, probably meaning via LDAP, should not work for any user who is
disabled, who password is expired and whose grace logins have existed and
then run out , or who are currently in a lockbed-by-intruder situation.
Note that locked-by-intruder is primarily determined the timestamps, and
reset by the passing of time, so just because something shows
lockedByIntruder with a value of TRUE does not mean the account is really
still locked, so that may be what you are seeing, just that it was and has
not been explicitly unlocked. If that happened an hour ago, and no more
failed attempts have happened since then, and time lock is meant to last
thirty minutes, then the account will unlock if the next bind is successful.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
ddnicholls1 Absent Member.
Absent Member.

Re: Bind User behaviour


Thanks Andrew, I think you've nailed what we are seeing.

Cheers


--
ddnicholls
------------------------------------------------------------------------
ddnicholls's Profile: https://forums.netiq.com/member.php?userid=5644
View this thread: https://forums.netiq.com/showthread.php?t=55438

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.