Environment
Novell NetWare Remote Manager
Novell eDirectory
Situation
Symptom:
In the Health Monitor of Novell Remote Manager, the Failed
Logins Per Hour count is incrementing, but users are not failing to
log in.
Reason:
Any LDAP bind request that hits a server will first try
to find the object in the local database and then, if that fails,
will use referrals to walk the tree. If the object is not found in
a local replica on this first attempt, a -779 ERR CANNOT GO
REMOTE is returned. The -779 returned by this
first attempt to log in to the local database is a legitimate
failed login, so the failed login count increments in Novell Remote
Manager. However, the end result for the user is not a failed
login, because LDAP will then use referrals and the user is
successfully logged in to a different server. So both LDAP and
Novell Remote Manager are functioning properly in their own
regard.
To verify that the failed login count is rising due to -779
errors, you can trace LDAP activity using dstrace. TID 10062292
has instructions on capturing LDAP information with dstrace.
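Once a trace has been captured, the check described above comes down to counting failed binds per hour and seeing how many of them carry -779. The script below is an added example, not part of the original TID or any Novell tooling; the trace line layout (timestamp, "LDAP bind", "err=<code>") is constructed for illustration and is not real dstrace output, so adjust the regular expression to match your capture.

```python
import re
from collections import Counter, defaultdict

CANNOT_GO_REMOTE = -779  # error code named in this TID

# Constructed sample lines. The layout is an assumption for illustration only,
# not actual dstrace output.
SAMPLE_TRACE = """\
2009-03-02 10:01:12 LDAP bind cn=app1,o=acme err=-779
2009-03-02 10:14:40 LDAP bind cn=app1,o=acme err=-779
2009-03-02 10:20:05 LDAP bind cn=jdoe,ou=staff,o=acme err=0
2009-03-02 10:45:31 LDAP bind cn=app1,o=acme err=-779
2009-03-02 11:02:09 LDAP bind cn=jdoe,ou=staff,o=acme err=-669
2009-03-02 11:30:00 LDAP bind cn=app1,o=acme err=-779
2009-03-02 11:31:17 LDAP search base=o=acme err=0
"""

# Group 1: date plus hour (the bucket key). Group 2: numeric result of a bind.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}):\d{2}:\d{2} .*\bbind\b.*\berr=(-?\d+)"
)


def failed_binds_per_hour(trace_text):
    """Return {hour: Counter({error_code: count})} for failed binds only."""
    buckets = defaultdict(Counter)
    for line in trace_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not a bind line, or not in the assumed layout
        code = int(match.group(2))
        if code != 0:  # 0 means the bind succeeded
            buckets[match.group(1)][code] += 1
    return dict(buckets)


def summarize(trace_text):
    """Split each hour's failed binds into -779 and everything else."""
    rows = {}
    for hour, codes in sorted(failed_binds_per_hour(trace_text).items()):
        total = sum(codes.values())
        referral = codes[CANNOT_GO_REMOTE]
        rows[hour] = {"total": total, "err_779": referral, "other": total - referral}
    return rows


if __name__ == "__main__":
    for hour, row in summarize(SAMPLE_TRACE).items():
        print(hour, row)
```

An hour whose "other" count is zero is fully explained by the referral behaviour described above; a non-zero "other" count means some failed logins have a different cause and should be looked at separately.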
Resolution
If the failed login count in Novell Remote Manager is incrementing due to -779 errors, you may want to evaluate why LDAP bind requests are being sent to this server if it does not hold a replica. You can then consider adding one or more replicas to this server, or changing the behavior of the application doing the LDAP binds.