LDAP bind as invalid user returns 669 in eDirectory 8.8 SP1

  • 3190638
  • 29-Sep-2006
  • 26-Apr-2012

Environment

Novell eDirectory 8.8 SP1 for All Platforms

Situation

In eDirectory 8.8 SP1, a security enhancement changed the result of an LDAP bind attempted as an invalid user. The bind now returns -669 instead of -601.

Prior to eDir 8.8 SP1, -601 was returned when a user attempted to bind as an invalid user. The -601 return code tells the user that there is "no such object". Changing the error code from "no such object" to "failed authentication" helps keep the directory safer because the response no longer discloses whether or not the user object is present in the database.

eDir 8.7.3 error code:
No such object (32)
additional info: NDS error: no such entry (-601)

eDir 8.8 SP1 (or greater) error code:
Invalid credentials (49)
additional info: NDS error: failed authentication (-669)
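
An added example, not part of the original document or Novell's code: a Python check that parses the two client outputs shown above and reports whether a failed bind as an invalid user can be told apart from a failed bind with a wrong password. The wrong-password sample is constructed and assumed to match the 8.8 SP1 output; the function and constant names are hypothetical.

```python
import re

# Result line as shown on this page, e.g. "Invalid credentials (49)"
RESULT_RE = re.compile(r"^(?P<text>.+?) \((?P<code>\d+)\)$")
# Detail line, e.g. "additional info: NDS error: failed authentication (-669)"
NDS_RE = re.compile(r"NDS error: .+? \((?P<code>-\d+)\)")

# Outputs quoted from this page for a bind as an invalid user
EDIR_873_INVALID_USER = """No such object (32)
additional info: NDS error: no such entry (-601)"""
EDIR_88SP1_INVALID_USER = """Invalid credentials (49)
additional info: NDS error: failed authentication (-669)"""
# Constructed sample (assumption): existing user, wrong password
WRONG_PASSWORD = """Invalid credentials (49)
additional info: NDS error: failed authentication (-669)"""


def parse_bind_error(output):
    """Return (ldap_result_code, nds_error_code); a missing part is None."""
    ldap_code = nds_code = None
    for line in (raw.strip() for raw in output.splitlines()):
        if line.lower().startswith("additional info"):
            match = NDS_RE.search(line)
            if match:
                nds_code = int(match.group("code"))
        elif ldap_code is None:
            match = RESULT_RE.match(line)
            if match:
                ldap_code = int(match.group("code"))
    return ldap_code, nds_code


def discloses_user_existence(invalid_user_output, wrong_password_output):
    """True if the two failures differ, so a client can tell whether the object exists."""
    invalid = parse_bind_error(invalid_user_output)
    wrong = parse_bind_error(wrong_password_output)
    if invalid[0] is None or wrong[0] is None:
        raise ValueError("no LDAP result code found in client output")
    return invalid != wrong


if __name__ == "__main__":
    for label, sample in (("8.7.3", EDIR_873_INVALID_USER), ("8.8 SP1", EDIR_88SP1_INVALID_USER)):
        leak = discloses_user_existence(sample, WRONG_PASSWORD)
        print(f"eDir {label}: {parse_bind_error(sample)} discloses existence: {leak}")
```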



Status

Reported to Engineering