Working with eDirectory and LDAP for the first time in about six years. Siteminder, which I do not administer is showing several entries for users with a high processing time to authenticate via eDirectory LDAP. Looking at the ndstrace logs for a particular user that corresponds to the Siteminder times I see the following. Starting at 9:26:21 there are several entries in the ndstrace log for this user. Then at 9:26:30 I see a -669 for this user. I will also see -220, 222, 49 and 53 errors for other users which correspond to the Siteminder logs. What exactly am I seeing. It looks to me they are authentication errors, bad PW, account expired etc. Why are there so many entries for a user to authenticate. And why would it take Siteminder so long to receive a result, positive or negative. How do I know the -669 error is really for the v0984 user. What exactly does a successful bind look like. In other words I could use some assistance reading these logs. They appear different than what I saw in the past. By the way, its very good to be working with SLES and eDirectory after a six year hiatus!! Thanks in advance!

base: "cn=v0984,ou=xxx,ou=xx,o=xxxx"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "cn"
attribute: "mail"
attribute: "preferredlanguage"
attribute: "uid"
09:26:21 2C701700 LDAP: (172.16.254.87:55852)(0x000e:0x63) Sending search result entry "cn=V0984,ou=XXX,ou=XX,o=XXXX" to connection 0x7ff20a80
09:26:21 2C701700 LDAP: (172.16.254.87:55852)(0x000e:0x63) Sending operation result 0:"":"" to connection 0x7ff20a80
09:26:21 3AAE4700 LDAP: (172.16.254.87:61153)(0x05f0:0x63) DoSearch on connection 0x804c6a80
09:26:21 3AAE4700 LDAP: (172.16.254.87:61153)(0x05f0:0x63) Search request:

base: "cn=v0984,ou=xxx,ou=xx,o=xxxx"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "cn"
attribute: "mail"

base: "cn=v0984,ou=xxx,ou=xx,o=xxxx"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "cn"
attribute: "mail"
09:26:21 30A44700 LDAP: (172.16.35.173:49796)(0x04f0:0x60) Bind xxme:cn=VE051,ou=XXX,ou=XX,o=XXXX, version:3, authentication:simple
09:26:21 372AC700 LDAP: (172.16.254.87:55852)(0x0011:0x63) Sending search result entry "cn=V0984,ou=XXX,ou=XX,o=XXXX" to connection 0x7ff20a80
09:26:21 372AC700 LDAP: (172.16.254.87:55852)(0x0011:0x63) Sending operation result 0:"":"" to connection 0x7ff20a80
09:26:21 30A44700 LDAP: (172.16.35.173:49796)(0x04f0:0x60) Sending operation result 0:"":"" to connection 0x7dccd880
09:26:21 4063F700 LDAP: (172.16.35.173:49795)(0xb361:0x66) DoModify on connection 0x7dccc700
09:26:21 4063F700 LDAP: (172.16.35.173:49795)(0xb361:0x66) modify: dn (cn=VE051,ou=XXX,ou=XX,o=XXXX)
09:26:21 4063F700 LDAP: (172.16.35.173:49795)(0xb361:0x66) modifications:
09:26:21 4063F700 LDAP: (172.16.35.173:49795)(0xb361:0x66) replace: smPasswordData
09:26:21 4063F700 LDAP: (172.16.35.173:49795)(0xb361:0x66) Sending operation result 0:"":"" to connection 0x7dccc700
09:26:21 42355700 LDAP: (172.16.35.174:49810)(0xbd0e:0x63) DoSearch on connection 0x7d08ea80
09:26:21 42355700 LDAP: (172.16.35.174:49810)(0xbd0e:0x63) Search request:

base: "cn=v0984,ou=xxx,ou=xx,o=xxxx"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "cn"
attribute: "givenxxme"
attribute: "mail"
attribute: "sn"
attribute: "uid"
09:26:27 41E50700 LDAP: (172.16.254.87:55852)(0x0018:0x63) Sending search result entry "cn=V0984,ou=XXX,ou=XX,o=XXXX" to connection 0x7ff20a80
09:26:27 41E50700 LDAP: (172.16.254.87:55852)(0x0018:0x63) Sending operation result 0:"":"" to connection 0x7ff20a80
09:26:28 3BDF7700 LDAP: (172.16.254.83:50526)(0x58965:0x63) DoSearch on connection 0x7f774a80
09:26:28 3BDF7700 LDAP: (172.16.254.83:50526)(0x58965:0x63) Search request:
base: "ou=XX,o=XXXX"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(uID=yvg5602)(objectClass=user)(polExxbled= Y))"
no attributes

base: "cn=v0984,ou=xxx,ou=xx,o=xxxx"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "cn"
attribute: "givenxxme"
attribute: "sn"
attribute: "uid"
09:26:30 34781700 LDAP: (172.16.254.87:55852)(0x001d:0x63) Sending search result entry "cn=V0984,ou=XXX,ou=XX,o=XXXX" to connection 0x7ff20a80
09:26:30 34781700 LDAP: (172.16.254.87:55852)(0x001d:0x63) Sending operation result 0:"":"" to connection 0x7ff20a80
09:26:30 33771700 LDAP: (172.16.254.87:64511)(0x0001:0x60) Failed to authenticate local on connection 0x825a1c00, err = failed authentication (-669)
09:26:30 33771700 LDAP: (172.16.254.87:64511)(0x0001:0x60) Sending operation result 49:"":"NDS error: failed authentication (-669)" to connection 0x825a1c00
09:26:30 44779700 LDAP: (172.16.254.87:64511)(0x0002:0x42) DoUnbind on connection 0x825a1c00
09:26:30 44779700 LDAP: Connection 0x825a1c00 closed
09:26:30 57327700 LDAP: (172.16.254.87:51549)(0x00cb:0x63) DoSearch on connection 0x7fbb7880
09:26:30 57327700 LDAP: (172.16.254.87:51549)(0x00cb:0x63) Search request:
base: "ou=XXX,ou=XX,o=XXXX"
scope:2 dereference:3 sizelimit:999 timelimit:0 attrsonly:0
filter: "(&(objectclass=inetOrgPerson)(cn=AGJ96))"
no attributes