The FreeIPA server logs a message to the DS errors log (at the default logging level) whenever someone binds with a wrong bindDN:
ldapsearch -h `hostname` -D "admin" -x -w Secret123 -b "" -s base
Log:
# tail /var/log/dirsrv/slapd-MKOSEK-RHEL71-TEST/errors
[06/Feb/2015:07:43:21 -0500] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "admin": 32
[06/Feb/2015:07:43:21 -0500] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "admin": 32
This is not really an error that should go into the default DS errors log, but rather an expected state when binding with a non-existing DN. For example, it fills the errors log in the FreeIPA demo.
4.1.3 was released.
4.1.4 was released, moving to new milestone
This may be a useful error IMO - it provides a method to detect and deal with brute-force attacks if your directory is accessible to potentially malicious parties. In the real world (i.e. not the demo), if you're getting enough of these to fill your logs, you likely have a problem somewhere (mis-configured client or similar).
pdf, yes, but this should go to the access log, like all other similar errors. Errors in this ticket are just some quirks in FreeIPA-specific DS plugins and should be fixed.
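As an illustration of the detection use discussed above, the following added example (not part of the ticket and not FreeIPA code) parses the ipa_lockout lines in the format quoted in the ticket and reports bind DNs that fail lookup repeatedly within a time window. The function names, threshold, window and sample lines are assumptions constructed for the example; the quoted lines carry no client address, so grouping is per bind DN only.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Format of the ipa_lockout lines quoted in the ticket.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] (?P<func>ipalockout_(?:preop|postop)) - '
    r'\[file ipa_lockout\.c, line \d+\]: '
    r'Failed to retrieve entry "(?P<dn>[^"]*)": (?P<rc>\d+)$'
)
NO_SUCH_OBJECT = 32  # LDAP result code noSuchObject

def parse(line):
    """Return (timestamp, func, bind_dn, rc), or None for unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ts, m["func"], m["dn"], int(m["rc"])

def noisy_bind_dns(lines, threshold=3, window=timedelta(minutes=1)):
    """Map bind DN -> peak failed-lookup count in any window, if >= threshold."""
    attempts = defaultdict(list)
    for line in lines:
        rec = parse(line)
        # preop and postop both log the same bind, so count preop only.
        if rec and rec[1] == "ipalockout_preop" and rec[3] == NO_SUCH_OBJECT:
            attempts[rec[2]].append(rec[0])
    peaks = {}
    for dn, stamps in attempts.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # slide the window forward
            peaks[dn] = max(peaks.get(dn, 0), end - start + 1)
    return {dn: n for dn, n in peaks.items() if n >= threshold}

def _pair(ts, dn):
    """Build the preop/postop line pair one failed bind produces (constructed)."""
    fmt = ('[{}] ipalockout_{} - [file ipa_lockout.c, line {}]: '
           'Failed to retrieve entry "{}": 32')
    return [fmt.format(ts, "preop", 749, dn), fmt.format(ts, "postop", 503, dn)]

# Constructed sample: three binds as "admin" within 20 s, one as "guest".
SAMPLE = (_pair("06/Feb/2015:07:43:21 -0500", "admin")
          + _pair("06/Feb/2015:07:43:30 -0500", "admin")
          + _pair("06/Feb/2015:07:43:41 -0500", "admin")
          + _pair("06/Feb/2015:07:50:00 -0500", "guest"))

if __name__ == "__main__":
    print(noisy_bind_dns(SAMPLE))
```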
master:
ipa-4-1:
Metadata Update from @mkosek: - Issue assigned to mbabinsk - Issue set to the milestone: FreeIPA 4.1.5