Summary
Intruder Detection counter in eDirectory
Products
eDirectory (NetIQ eDirectory)
Environment
NetIQ eDirectory 8.7.3, 8.8, 9.x
Resolution
The intruder detection feature can be applied at the OU level only and is not configurable on a per-user basis.
To explain this further, below is an example of an intruder detection configuration.
a. Detect Intruders: Check
b. Number of invalid login attempts: 7 (default)
c. Invalid login count reset interval: 30 minutes (default)
d. Lock account after detection: Check, Time: 15 minutes (default)
1. Unauthorized login attempts are allowed up to 7 times within 30 minutes (settings b and c).
The account will be locked if unauthorized logins are detected more than 8 times within 30 minutes.
For example, if you log in with an incorrect password 7 times within 30 minutes, the intruder detection counter will be set to 7.
2. Once the account is locked, it will remain locked for 15 minutes (setting d).
This means that the user cannot log in for 15 minutes unless an administrator unlocks the account.
In this case, you can see in ConsoleOne/iManager that the account is locked.
The account can be unlocked via ConsoleOne/iManager.
3. 15 minutes after the user has been locked, the lock will be released.
However, this state is not visible in ConsoleOne/iManager.
If the password is correct, the user should be able to log in again after 15 minutes. The intruder detection counter should be 0 in this case.
Note:
The intruder detection counter will be reset to 0 when the account is unlocked.
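The following Python model replays the sequence above (settings a to d, then steps 1 to 3) over a constructed login timeline. It is an added example, not eDirectory code: the class and function names are hypothetical, and it assumes a fixed counting window that starts at the first failed attempt and that the first failure beyond the allowed number sets the lock.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Policy:
    """Container-level settings a-d from the article (defaults shown there)."""
    detect: bool = True                                  # a
    limit: int = 7                                       # b
    reset_interval: timedelta = timedelta(minutes=30)    # c
    lock_after_detection: bool = True                    # d
    lockout: timedelta = timedelta(minutes=15)           # d

class Account:
    def __init__(self, policy=Policy()):
        self.policy = policy
        self.counter = 0            # intruder detection counter
        self.window_start = None    # first failure of the current window
        self.locked_until = None    # None means not locked

    def unlock(self):
        """Administrator unlock or lock expiry: the counter goes back to 0."""
        self.counter, self.window_start, self.locked_until = 0, None, None

    def is_locked(self, now):
        # Step 3: the lock is released by itself once the lockout time has passed.
        if self.locked_until is not None and now >= self.locked_until:
            self.unlock()
        return self.locked_until is not None

    def login(self, now, password_ok):
        p = self.policy
        if p.detect and self.is_locked(now):
            return False            # step 2: refused even with the correct password
        if password_ok or not p.detect:
            return password_ok      # model leaves the counter alone on success
        # Assumption: fixed window that starts at the first failed attempt.
        if self.window_start is None or now - self.window_start >= p.reset_interval:
            self.window_start, self.counter = now, 0
        self.counter += 1
        # Assumption: the first failure beyond the allowed number sets the lock.
        if p.lock_after_detection and self.counter > p.limit:
            self.locked_until = now + p.lockout
        return False

def replay(events, policy=Policy()):
    """Run (timestamp, password_ok) events; return (result, counter, locked) per event."""
    acct = Account(policy)
    return [(acct.login(t, ok), acct.counter, acct.is_locked(t)) for t, ok in events]

T0 = datetime(2024, 1, 1, 9, 0)     # constructed sample timeline
SAMPLE = [(T0 + timedelta(minutes=m), False) for m in range(8)] + [
    (T0 + timedelta(minutes=10), True), (T0 + timedelta(minutes=22), True)]
```

`replay(SAMPLE)` returns one tuple per attempt, so the point where the lock is set and the point where a correct password works again can be read straight from the list.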
Legacy KM ID
Japanese KB 6735:
https://www.novell.com/ja-jp/support/kb/tids/jp/00006500_/00006735.htm
URL Name
KM000012026