In some installations, the eDirectory server is protected behind a firewall, but the iManager server is open to the outside world to allow management from home or on the road. Access to iManager is controlled with, , and fields on the login screen. In such installations, it is often desirable to tighten security to avoid revealing any information about the system.
Standard iManager configurations pass through eDirectory messages related to invalid user names and passwords during iManager authentication. These messages can inadvertently provide too much information to potential crackers. To avoid this, iManager 2.7 includes a configuration option to hide the specific reason for login failure. When enabled, the following error messages are replaced with a generic error message that reads: Login Failure. Invalid Username or Password.
Invalid Username (-601)
Incorrect password (-669)
Expired password or disabled account (-220)
To enable this setting, open the view and select > . On the tab, select . This sets Authenticate.Form.HideLoginFailReason=true in iManager’s config.xml file.
Additionally, iManager 2.7 does not support the asterisk (*) character as a wildcard in the field. This prevents unauthorized users from discovering valid user names. It also prevents possible denial-of-service attacks that attempt to overload the eDirectory server by continually attempting a login using only the wildcard (*), which forces eDirectory to search for and return all matching user names.
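The two behaviours described above, sketched as an added Python example (not iManager's own code): a login front end that refuses wildcard user names before the directory is queried and collapses the three listed failure codes into the generic message while keeping the specific reason in the server log. The function names, the `hide_reason` flag, the response to a wildcard, and the sample directory are assumptions made for illustration; only the three codes and the generic message text come from the page.

```python
import hmac
import logging

log = logging.getLogger("login_front_end")

# Failure codes the page lists as hidden when the option is enabled.
HIDDEN_CODES = {-601: "Invalid Username", -669: "Incorrect password",
                -220: "Expired password or disabled account"}
GENERIC = "Login Failure. Invalid Username or Password."

# Constructed stand-in for the directory: user -> (password, enabled).
DIRECTORY = {"admin": ("s3cret", True), "jsmith": ("hunter2", False)}


def directory_login(username, password):
    """Hypothetical backend: 0 on success, otherwise an eDirectory-style code."""
    entry = DIRECTORY.get(username)
    if entry is None:
        return -601
    stored, enabled = entry
    if not hmac.compare_digest(password.encode(), stored.encode()):
        return -669
    return 0 if enabled else -220


def login(username, password, hide_reason=True):
    """Return (ok, message) as the login page would present it."""
    # Refuse wildcards before the directory is queried, so "*" can neither
    # reveal matching names nor force an expensive search (assumed response).
    if "*" in username:
        log.warning("wildcard in user name rejected: %r", username)
        return False, GENERIC
    code = directory_login(username, password)
    if code == 0:
        return True, "OK"
    if code in HIDDEN_CODES:
        # Operators still see the specific reason; the client does not.
        log.info("login failed for %r: %s (%d)",
                 username, HIDDEN_CODES[code], code)
        if hide_reason:
            return False, GENERIC
        return False, f"{HIDDEN_CODES[code]} ({code})"
    # Codes outside the hidden set pass through unchanged.
    return False, f"Login error ({code})"
```

With `hide_reason=True`, an unknown user, a wrong password and a disabled account all produce the same response, so the login form no longer distinguishes valid user names from invalid ones.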