× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



I was finding a user profile being disabled by a ldap connection.

First, I did the CRTMSGQ QSYSMSG to copy 'serious' messages from qsysopr
automatically to that one.
Then I noticed this message appearing
CPF1393 - User profile <redacted> has been disabled.
F9=Display message details
From job . . . . . . . . . . . : QUSRDIR
User . . . . . . . . . . . . : QDIRSRV
Number . . . . . . . . . . . : 447554
WRKJOB QUSRDIR
10. Display job log
And it even tells me the IP address that did it.
Twas an error in an application migration. I'll get that resolved.

However, while looking at that joblog I noticed numerous
Message ID . . . . . . : GLD0120
Message . . . . : Bind error with directory server.

Cause . . . . . : Distinguished name (dn) 'CN=ADMINISTRATOR' at IP
address
<redacted> failed to bind with the directory server.
Recovery . . . : This condition may occur when the user name or
password is
incorrect. The server will continue to operate normally. Repeated
failures
for the same user or from the same IP address may indicate that someone
is
trying to guess a correct user name and password.

The IP address is the same IP address as this lpar of IBM i.
Something on it is trying to do a ldap bind as ADMINISTRATOR. It's
hacking itself.

Is there some setup I've missed? Some default user in service or some
other area that needs to be configured?


Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.