[ngw] Perplexing Datasync Issue / LDAP

James Taylor James.Taylor at eastcobbgroup.com
Thu May 25 16:56:04 UTC 2017

Have you tried running dsapp to look for the user ID?
May have some corruption. dsapp will find and remove these kind of "phantom" users.

Just in case..
By the way, it will check for latest version and auto update when ou run it.

James Taylor
james.taylor at eastcobbgroup.com

>>> "Marvin Huffaker" <mhuffaker at redjuju.com> 5/25/2017 12:42 PM >>> 
I have an issue that has me completely stumped.  Latest Datasync build and it is configured to provision and authenticate via ldap.  

It started off when a user changed their eDirectory password, they started getting locked out of their edir account with an "Intruder Lockout".  The source of the lockkout was the Datasync server.  He had changed the associated account/password on his iphone so a password discrepancy between edir and the device is not the issue.  Other users seem to be able to change their passwords without issue.  They have a global policy that forces password changes every 45 days.

Currently we have the user completely removed from Datasync. He is not even provisioned. I have used dsapp to manually scrub him from the database.  There is no trace of him in datasync. 

His account continues to be locked out and the datasync server ip address is the source.
Furthermore, we have noticed that through the customers auditing software reports, numerous LDAP authentication requests are coming in from the datasync server for users that are not and have never been provisioned for datasync.

What could possibly be doing this?  It's just a vanilla SLES 11 SP4 server built specifically for datasync. No eDirectory. No OES, no other services or anything I can find that would be making LDAP calls.. The only service making LDAP calls would be datasync. 

Marvin Huffaker
mhuffaker at redjuju.com
Office:  480-988-7215 (Best Number)
Cell: 480-797-2989 

More information about the ngw mailing list