[ngw] Perplexing Datasync Issue / LDAP

Marvin Huffaker mhuffaker at redjuju.com
Thu May 25 17:35:10 UTC 2017


When first troubleshooting, I used dsapp to forcibly remove what I believe were all traces of the user in question. It didn't change the behavior of what is happening.

Marvin 

Sent from my iPhone

> On May 25, 2017, at 9:56 AM, James Taylor <James.Taylor at eastcobbgroup.com> wrote:
> 
> Have you tried running dsapp to look for the user ID?
> May have some corruption. dsapp will find and remove these kinds of "phantom" users.
> 
> https://www.novell.com/communities/coolsolutions/cool_tools/dsapp/
> 
> Just in case..
> By the way, it will check for the latest version and auto update when you run it.
> -jt
> 
> 
> 
> James Taylor
> 678-697-9420
> james.taylor at eastcobbgroup.com
> 
> 
> 
>>>> "Marvin Huffaker" <mhuffaker at redjuju.com> 5/25/2017 12:42 PM >>> 
> I have an issue that has me completely stumped. Latest Datasync build and it is configured to provision and authenticate via LDAP.
> 
> It started off when a user changed their eDirectory password; they started getting locked out of their edir account with an "Intruder Lockout". The source of the lockout was the Datasync server. He had changed the associated account/password on his iPhone so a password discrepancy between edir and the device is not the issue. Other users seem to be able to change their passwords without issue. They have a global policy that forces password changes every 45 days.
> 
> Currently we have the user completely removed from Datasync. He is not even provisioned. I have used dsapp to manually scrub him from the database.  There is no trace of him in datasync. 
> 
> His account continues to be locked out and the datasync server ip address is the source.
> Furthermore, we have noticed that through the customer's auditing software reports, numerous LDAP authentication requests are coming in from the datasync server for users that are not and have never been provisioned for datasync.
> 
> What could possibly be doing this? It's just a vanilla SLES 11 SP4 server built specifically for datasync. No eDirectory. No OES, no other services or anything I can find that would be making LDAP calls. The only service making LDAP calls would be datasync.
> 
> 
> Marvin Huffaker
> mhuffaker at redjuju.com
> Office:  480-988-7215 (Best Number)
> Cell: 480-797-2989 
> 
> 
> 
> 