Login Intruder Address shows as hex value instead of IP address

  • 7018425
  • 29-Dec-2016
  • 29-Dec-2016


NetIQ eDirectory 8.8 for all platforms
NetIQ eDirectory 9.0 for all platforms


Login Intruder Address is displayed as Hexadecimal instead of IP address, regardless of the tool used. This can be seen in iManager, iMonitor or querying the value with LDAP.

For example, iMonitor type will be internal and the value could be CAF27F0000001. In iManager, the value will be preceded by "12#", which indicates that it's an Internal value.


The address in attribute in hexadecimal has 2 parts. The first 2 bytes represents the port and the last 4 bytes stands for the IP address of the client from which the login was attempted. 

For example, if the value is CAF27F0000001, the first 2 bytes, CAF2 is the port number - 51954 and the last 4 bytes, 7f000001 is the IP address -

To avoid this problem, set "NDSD_TRY_NMASLOGIN_FIRST" to "true" and restart eDirectory. For instructions on how to set NDSD_TRY_NMASLOGIN_FIRST, follow TID # 3307424.


This issue occurs when a user account is locked using Novell Client or ndslogin (NCP Authentication) and subsequently a login with correct password is attempted using LDAP. 

When LDAP binds use NMAS, Login Intruder Address attribute will be updated with the correct value.