Microsoft KB Archive/195210

= Lightweight Directory Access Protocol Does Not Log Invalid P&M Password Attempts =

Article ID: 195210

Article Last Modified on 7/22/1999

-

APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition

-



This article was previously published under Q195210



SYMPTOMS
When a user connects to a Web site that is configured to use Microsoft Personalization and Membership Server, he or she is prompted for a user name and password. If the specified user name is not found in the Lightweight Directory Access Protocol (LDAP) database, the LDAP log reports an error code of 32. LDAP RFC 1777 defines this result code as "no such object." The following is an example of such an LDAP log entry:   xxx.xx.xxx.xxx, cn=MBSBRKR2_SERVER1,ou=members,o=test, 9/28/98, 11:21:05, LDAPSVC2, SERVER1, -, 6713133, 1471, 24886, 32, 0, SEARCH, CN=kjhbe,ou=members,o=test, NULL, However, if a valid user name is specified with an invalid password, the LDAP log shows a 0 result code, which means a success. Below is an example of such an LDAP log entry:   xxx.xx.xxx.xxx, cn=MBSBRKR2_SERVER1,ou=members,o=test, 9/28/98, 11:26:46, LDAPSVC2, SERVER1, -, 7054063, 1557, 24901, 0, 0, SEARCH, CN=administrator,ou=members,o=test, NULL,



CAUSE
The LDAP cannot be used to monitor password validation in Microsoft Personalization and Membership Server (P&M). P&M uses LDAP to find a user. That is why the first log entry in the "Symptoms" section shows an error. Once the user is found in the directory, P&M validates the password.



WORKAROUND
If the password is invalid, a counter is incremented that causes the account to be blacked out after 25 incorrect password attempts within three minutes. To change AuthAccountDenyTimeout and AuthAccountDenyThreshold settings, see the following article in the Microsoft Knowledge Base:

ARTICLE-ID: 194783

TITLE : PMAdmin Fails to Set AuthAccountDenyThreshold or Timeout

All accounts that are blacked out are logged in the Windows NT Event log.

Keywords: kbbug kbnofix KB195210

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.