Environment
Novell eDirectory 8.8 SP1 for All Platforms
Situation
In eDirectory 8.8 SP1, a security enhancement was made to the response given when an invalid user attempts an LDAP bind. A bind as an invalid user now returns -669 instead of -601.
Prior to eDir 8.8 SP1, a -601 was returned when a user attempted to bind as an invalid user. The return code of -601 tells the user that there is "no such object". Changing the error code from "no such object" to "failed authentication" helps keep the directory safer as we are not disclosing whether or not the user object is present in the database.
eDir 8.7.3 error code:
No such object (32)
additional info: NDS error: no such entry (-601)
eDir 8.8 SP1 (or greater) error code:
Invalid credentials (49)
additional info: NDS error: failed authentication (-669)
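
To confirm after an upgrade that the server no longer discloses whether a user object exists, the following added example (not Novell code) parses failed-bind messages in the format quoted above and compares the response for an unknown user with the response for a wrong password. The function names are hypothetical, the sample outputs are constructed from the messages in this document, and the wrong-password sample assumes that case is also reported as failed authentication (-669).

```python
import re

LDAP_NO_SUCH_OBJECT = 32   # LDAP result "No such object"
NDS_NO_SUCH_ENTRY = -601   # NDS error "no such entry"

LDAP_RESULT = re.compile(r"\((\d+)\)\s*$")          # e.g. "Invalid credentials (49)"
NDS_ERROR = re.compile(r"NDS error:.*\((-\d+)\)")   # e.g. "NDS error: ... (-669)"

def parse_bind_failure(output):
    """Return (ldap_code, nds_code) from the text of a failed bind."""
    ldap_code = nds_code = None
    for line in output.splitlines():
        nds = NDS_ERROR.search(line)
        if nds:
            nds_code = int(nds.group(1))
        elif ldap_code is None:
            result = LDAP_RESULT.search(line)
            if result:
                ldap_code = int(result.group(1))
    if ldap_code is None or nds_code is None:
        raise ValueError("no LDAP/NDS error code found in bind output")
    return ldap_code, nds_code

def audit_bind_responses(unknown_user_output, bad_password_output):
    """List the ways the two failures can be told apart (empty list = no disclosure)."""
    unknown = parse_bind_failure(unknown_user_output)
    bad_pw = parse_bind_failure(bad_password_output)
    findings = []
    if unknown[0] == LDAP_NO_SUCH_OBJECT or unknown[1] == NDS_NO_SUCH_ENTRY:
        findings.append("unknown user is reported as a missing object: %s" % (unknown,))
    if unknown != bad_pw:
        findings.append("unknown user %s differs from wrong password %s" % (unknown, bad_pw))
    return findings

# Constructed samples, copied from the messages quoted in this document.
EDIR_873_UNKNOWN = ("No such object (32)\n"
                    "additional info: NDS error: no such entry (-601)")
EDIR_88SP1_UNKNOWN = ("Invalid credentials (49)\n"
                      "additional info: NDS error: failed authentication (-669)")
# Assumption: a wrong password for an existing user produces this response.
WRONG_PASSWORD = ("Invalid credentials (49)\n"
                  "additional info: NDS error: failed authentication (-669)")

if __name__ == "__main__":
    for name, sample in (("8.7.3", EDIR_873_UNKNOWN), ("8.8 SP1", EDIR_88SP1_UNKNOWN)):
        print(name, audit_bind_responses(sample, WRONG_PASSWORD) or "no disclosure")
```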