Ldap error code 49 80090308 data 52e

LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 I know "52e" code is when username is valid, but password is invalid. I am using the s...

LDAP: error code 49 — 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

I know «52e» code is when username is valid, but password is invalid. I am using the same user name and password in my apache studio, I was able to establish the connection succesfully to LDAP.

Here is my java code

    String userName = "*******";
    String password = "********";
    String base ="DC=PSLTESTDOMAIN,DC=LOCAL";
    String dn = "cn=" + userName + "," + base;  
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://******");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, dn);
    env.put(Context.SECURITY_CREDENTIALS, password);
    LDAPAuthenticationService ldap = new LDAPAuthenticationService();
   // LdapContext ctx;
    DirContext ctx = null;
    try {
        ctx = new InitialDirContext(env);

My error is on this line: ctx = new InitialDirContext(env);

I do not know what exactly is causing this error.

simbabque's user avatar

simbabque

53.5k8 gold badges77 silver badges133 bronze badges

asked Jul 14, 2015 at 15:59

anusha vannela's user avatar

0

For me the issue resolved when I set the principal section like this:

env.put(Context.SECURITY_PRINCIPAL, userId@domainWithoutProtocolAndPortNo);

answered Nov 9, 2016 at 15:45

Vishal's user avatar

VishalVishal

1,8332 gold badges19 silver badges22 bronze badges

4

In my case I have to use something like <username>@<domain> to successfully login.

sample_user@sample_domain

smonff's user avatar

smonff

3,3513 gold badges39 silver badges46 bronze badges

answered Sep 24, 2018 at 7:50

Linh Nguyen's user avatar

Linh NguyenLinh Nguyen

2012 silver badges8 bronze badges

When you use Context.SECURITY_AUTHENTICATION as «simple», you need to supply the userPrincipalName attribute value (user@domain_base).

answered Oct 9, 2018 at 16:19

MAW's user avatar

MAWMAW

8738 silver badges22 bronze badges

I had a similar issue when using AD on CAS , i.e. 52e error, In my case application accepts the Full Name when in the form of CN= instead of the actual username.

For example, if you had a user who’s full name is Ross Butler and their login username is rbutler —you would normally put something like, cn=rbutler,ou=Users,dc=domain,dc=com but ours failed everytime. By changing this to cn=Ross Butler,ou=Users,dc=domain,dc=com it passed!!

answered Jun 23, 2017 at 5:46

Count's user avatar

CountCount

1,3652 gold badges19 silver badges38 bronze badges

1

For me the issue is resolved by adding domain name in user name as follow:

string userName="yourUserName";
string password="passowrd";
string hostName="LdapServerHostName";
string domain="yourDomain";
System.DirectoryServices.AuthenticationTypes option = System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer; 
string userNameWithDomain = string.Format("{0}@{1}",userName , domain);
DirectoryEntry directoryOU = new DirectoryEntry("LDAP://" + hostName, userNameWithDomain, password, option);

answered Nov 23, 2018 at 7:14

Mahsh Nikam's user avatar

if you debug and loook at ctx=null,maybe your username hava proble ,you shoud write like
«acadministrator»(double «») or «administrator@ac»

answered Jul 5, 2019 at 3:34

HaoSi's user avatar

HaoSiHaoSi

211 bronze badge

0

For me the cause of the issue was that the format of username was incorrect. It was earlierly specified as «mydomainuser». I removed the domain part and the error was gone.

PS I was using ServerBind authentication.

answered Feb 24, 2021 at 14:02

arslanahmad656's user avatar

1

LDAP is trying to authenticate with AD when sending a transaction to another server DB. This authentication fails because the user has recently changed her password, although this transaction was generated using the previous credentials. This authentication will keep failing until … unless you change the transaction status to Complete or Cancel in which case LDAP will stop sending these transactions.

answered Apr 13, 2017 at 20:40

Ebrahim's user avatar

For me issue is resolved by changing envs like this:

 env.put("LDAP_BASEDN", base)
 env.put(Context.SECURITY_PRINCIPAL,"user@domain")

answered Aug 28, 2019 at 7:52

user3917389's user avatar

1

Using domain Name may solve the problem (get domain name using powershell: $env:userdomain):

    Hashtable<String, Object> env = new Hashtable<String, Object>();
    String principalName = "domainName\userName";
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://URL:389/OU=ou-xx,DC=fr,DC=XXXXXX,DC=com");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, principalName);
    env.put(Context.SECURITY_CREDENTIALS, "Your Password");

    try {
        DirContext authContext = new InitialDirContext(env);
        // user is authenticated
        System.out.println("USER IS AUTHETICATED");
    } catch (AuthenticationException ex) {
        // Authentication failed
        System.out.println("AUTH FAILED : " + ex);

    } catch (NamingException ex) {
        ex.printStackTrace();
    }

answered Feb 7, 2020 at 11:35

Praveen Gopal's user avatar

2

I’ve tested three diferent approaches and them all worked:

env.put(Context.SECURITY_PRINCIPAL, "user");
env.put(Context.SECURITY_PRINCIPAL, "user@domain.com");
env.put(Context.SECURITY_PRINCIPAL, "CN=user,OU=one,OU=two,DC=domain,DC=com");

If you use the last one, don’t forget to set all the OU’s where the user belongs to. Otherwise it won’t work.

answered Jan 27, 2022 at 15:57

Sergio Gabari's user avatar

In my case I misconfigured email credentials then I corrected

var passport = require('passport'),
    WindowsStrategy = require('passport-windowsauth'),
    User = require('mongoose').model('User');

module.exports = function () {
    passport.use(new WindowsStrategy({ldap: {
        url:            'ldap://corp.company.com:389/DC=corp,DC=company,DC=com',
        base:           'DC=corp,DC=company,DC=com',
        bindDN:         'myid@corp.company.com',
        bindCredentials:'password',
        tlsOptions: {
            ca: [fs.readFileSync("./cert.pem")],
          },
    }, integrated: false},
    function(profile, done) {
        console.log('Windows');
        console.log(profile);
        User.findOrCreate({
            username: profile.id
        }, function(err, user) {
            if (err) {
                return done(err);
            }

            if (!user) {
                return done(null, false, {
                    message: 'Unknown user'
                });
            }

            if (!user.authenticate(password)) {
                return done(null, false, {
                    message: 'Invalid password'
                });
            }

            return done(null, user);
        });
    }));
};

answered May 12, 2022 at 13:50

KARTHIKEYAN.A's user avatar

KARTHIKEYAN.AKARTHIKEYAN.A

16.7k6 gold badges115 silver badges130 bronze badges

Please remove domain from the username «mydomainuser». please put «user» only. do not put domain and backslash .

You do not use ldaps://examplehost:8080(do not use s with ldaps coz cert is required), use ldap://examplehost:8080 then use non-TLS port number. it worked for me.

answered Jul 19, 2022 at 10:13

Kumaresan Perumal's user avatar

Problem

You configure WebSphere Liberty to use LDAP to authenticate users in Active Directory, by adding an <ldapRepository> element to server.xml.  When users try to log in with Active Directory credentials, authentication fails. An error appears in the Opal logs directory:

on Windows: C:IBMi2analyze.olddeploywlpusrserversopal-serverlogs

on Linux: /opt/IBM/i2analyze/deploy/wlp/usr/servers/opal-server/logs

The error in the logs is similar to:

    javax.naming.AuthenticationException: [LDAP: error code 49 — 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e

Diagnosing The Problem

LDAP error 49 is a standard LDAP error, LDAP_INVALID_CREDENTIALS, defined in RFC 2251, Section 44.1.10:


     4.1.10. Result Message

    The LDAPResult is the construct used in this protocol to return success or failure indications from servers to clients.

    In response to various requests servers will return responses containing fields of type LDAPResult to indicate the final status of a protocol operation request.

    LDAPResult ::= SEQUENCE     { resultCode ENUMERATED {

            success (0),

            operationsError (1),

            ….

            invalidCredentials           (49),

 The data in the error is 0x52e. In decimal, this is equal to 1326. This is defined by Microsoft in WinError.h as

        ERROR_LOGON_FAILURE

           1326 (0x52E)

           The user name or password is incorrect.

In short, the error tells us the user name or password used to BIND to Active Directory was incorrect.

Resolving The Problem

Inspect the bindDN and bindPassword attributes of the <ldapRegistry> element in server.xml. Verify they contain the right values, and correct them if necessary.

<ldapRegistry id=»ldap» realm=»MyRealm»

    [ … ]

    bindDN=»cn=i2User,dc=intell, dc=example,dc=com»
    bindPassword=»P@$$Word01″

    [ … ]

</ldapregistry>

After the correct user name and pasword are specified, Liberty is able to BIND to the Active Directory tree; and users can log in normally.

Note that these attributes require the user name and password of the Active Directory BIND context; they are not the user name and password of the interactive user, logging in.

Document Location

Worldwide

[{«Line of Business»:{«code»:»LOB24″,»label»:»Security Software»},»Business Unit»:{«code»:»BU059″,»label»:»IBM Software w/o TPS»},»Product»:{«code»:»SSXVTH»,»label»:»i2 Analyze»},»ARM Category»:[{«code»:»a8m0z000000cwitAAA»,»label»:»i2 Enterprise Insight Analysis->Authentication»}],»ARM Case Number»:»TS005170223″,»Platform»:[{«code»:»PF025″,»label»:»Platform Independent»}],»Version»:»All Version(s)»}]

Historical Number

TS005170223

Problem

Users are unable to log in. Nothing has changed in JIRA side.

The following appears in the atlassian-jira.log:

2017-10-25 14:13:07,009 ERROR [scheduler_Worker-3] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 31064065 ].
com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN
	at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:847)

...

Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ]

Cause

LDAP Error 49 data 52e means that the credentials of the user configured to bind LDAP directory with JIRA are incorrect, as described here: https://confluence.atlassian.com/kb/common-user-management-errors-820119309.html#CommonUserManagementErrors-ActiveDirectoryError49

This can happen when that user is either removed or has its password changed from LDAP side.

Resolution 1

Follow the steps outlined at Restore Passwords To Recover Admin User Rights. By doing so, you’ll be able to access the User Directory settings and change the «Username» field with a valid admin user or change the «Password» field with the new password, allowing JIRA to connect to LDAP.

As an alternative to Recovery Mode, you could utilize auth_fallback by following the guide: Bypass SAML authentication for Jira Data Center 

Resolution 2

Alternatively, you can run the following query against your database to find out which one is the admin account that JIRA uses to connect to the LDAP:

SELECT * FROM cwd_directory_attribute WHERE attribute_name = 'ldap.userdn'; 

Note: The query may return multiple results in case you have more than one User Directory in your JIRA instance.

Re-adding the user back to the LDAP with the same password should resolve the issue.

Resolution 3

As JIRA storing LDAP Login credential in the database without encryption, you may also update those LDAP credential in your database:

lDAP Password Field

Select * from cwd_directory_attribute where attribute_name = 'ldap.password'

LDAP User Name Field

SELECT * FROM cwd_directory_attribute WHERE attribute_name = 'ldap.userdn';

(info) attribute_value is the fields which storing those data.

(info)  Always perform a backup before you perform edit/update query in the database. It is also highly recommended for you to perform this in a test instance before proceeding with production instance.

LDAP: error code 49 — 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

I know «52e» code is when username is valid, but password is invalid. I am using the same user name and password in my apache studio, I was able to establish the connection succesfully to LDAP.

Here is my java code

    String userName = "*******";
    String password = "********";
    String base ="DC=PSLTESTDOMAIN,DC=LOCAL";
    String dn = "cn=" + userName + "," + base;  
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://******");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, dn);
    env.put(Context.SECURITY_CREDENTIALS, password);
    LDAPAuthenticationService ldap = new LDAPAuthenticationService();
   // LdapContext ctx;
    DirContext ctx = null;
    try {
        ctx = new InitialDirContext(env);

My error is on this line: ctx = new InitialDirContext(env);

I do not know what exactly is causing this error.

simbabque's user avatar

simbabque

53.5k8 gold badges77 silver badges133 bronze badges

asked Jul 14, 2015 at 15:59

anusha vannela's user avatar

0

For me the issue resolved when I set the principal section like this:

env.put(Context.SECURITY_PRINCIPAL, userId@domainWithoutProtocolAndPortNo);

answered Nov 9, 2016 at 15:45

Vishal's user avatar

VishalVishal

1,8332 gold badges19 silver badges22 bronze badges

4

In my case I have to use something like <username>@<domain> to successfully login.

sample_user@sample_domain

smonff's user avatar

smonff

3,3513 gold badges39 silver badges46 bronze badges

answered Sep 24, 2018 at 7:50

Linh Nguyen's user avatar

Linh NguyenLinh Nguyen

2012 silver badges8 bronze badges

When you use Context.SECURITY_AUTHENTICATION as «simple», you need to supply the userPrincipalName attribute value (user@domain_base).

answered Oct 9, 2018 at 16:19

MAW's user avatar

MAWMAW

8738 silver badges22 bronze badges

I had a similar issue when using AD on CAS , i.e. 52e error, In my case application accepts the Full Name when in the form of CN= instead of the actual username.

For example, if you had a user who’s full name is Ross Butler and their login username is rbutler —you would normally put something like, cn=rbutler,ou=Users,dc=domain,dc=com but ours failed everytime. By changing this to cn=Ross Butler,ou=Users,dc=domain,dc=com it passed!!

answered Jun 23, 2017 at 5:46

Count's user avatar

CountCount

1,3652 gold badges19 silver badges38 bronze badges

1

For me the issue is resolved by adding domain name in user name as follow:

string userName="yourUserName";
string password="passowrd";
string hostName="LdapServerHostName";
string domain="yourDomain";
System.DirectoryServices.AuthenticationTypes option = System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer; 
string userNameWithDomain = string.Format("{0}@{1}",userName , domain);
DirectoryEntry directoryOU = new DirectoryEntry("LDAP://" + hostName, userNameWithDomain, password, option);

answered Nov 23, 2018 at 7:14

Mahsh Nikam's user avatar

if you debug and loook at ctx=null,maybe your username hava proble ,you shoud write like
«acadministrator»(double «») or «administrator@ac»

answered Jul 5, 2019 at 3:34

HaoSi's user avatar

HaoSiHaoSi

211 bronze badge

0

For me the cause of the issue was that the format of username was incorrect. It was earlierly specified as «mydomainuser». I removed the domain part and the error was gone.

PS I was using ServerBind authentication.

answered Feb 24, 2021 at 14:02

arslanahmad656's user avatar

1

LDAP is trying to authenticate with AD when sending a transaction to another server DB. This authentication fails because the user has recently changed her password, although this transaction was generated using the previous credentials. This authentication will keep failing until … unless you change the transaction status to Complete or Cancel in which case LDAP will stop sending these transactions.

answered Apr 13, 2017 at 20:40

Ebrahim's user avatar

For me issue is resolved by changing envs like this:

 env.put("LDAP_BASEDN", base)
 env.put(Context.SECURITY_PRINCIPAL,"user@domain")

answered Aug 28, 2019 at 7:52

user3917389's user avatar

1

Using domain Name may solve the problem (get domain name using powershell: $env:userdomain):

    Hashtable<String, Object> env = new Hashtable<String, Object>();
    String principalName = "domainName\userName";
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://URL:389/OU=ou-xx,DC=fr,DC=XXXXXX,DC=com");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, principalName);
    env.put(Context.SECURITY_CREDENTIALS, "Your Password");

    try {
        DirContext authContext = new InitialDirContext(env);
        // user is authenticated
        System.out.println("USER IS AUTHETICATED");
    } catch (AuthenticationException ex) {
        // Authentication failed
        System.out.println("AUTH FAILED : " + ex);

    } catch (NamingException ex) {
        ex.printStackTrace();
    }

answered Feb 7, 2020 at 11:35

Praveen Gopal's user avatar

2

I’ve tested three diferent approaches and them all worked:

env.put(Context.SECURITY_PRINCIPAL, "user");
env.put(Context.SECURITY_PRINCIPAL, "user@domain.com");
env.put(Context.SECURITY_PRINCIPAL, "CN=user,OU=one,OU=two,DC=domain,DC=com");

If you use the last one, don’t forget to set all the OU’s where the user belongs to. Otherwise it won’t work.

answered Jan 27, 2022 at 15:57

Sergio Gabari's user avatar

In my case I misconfigured email credentials then I corrected

var passport = require('passport'),
    WindowsStrategy = require('passport-windowsauth'),
    User = require('mongoose').model('User');

module.exports = function () {
    passport.use(new WindowsStrategy({ldap: {
        url:            'ldap://corp.company.com:389/DC=corp,DC=company,DC=com',
        base:           'DC=corp,DC=company,DC=com',
        bindDN:         'myid@corp.company.com',
        bindCredentials:'password',
        tlsOptions: {
            ca: [fs.readFileSync("./cert.pem")],
          },
    }, integrated: false},
    function(profile, done) {
        console.log('Windows');
        console.log(profile);
        User.findOrCreate({
            username: profile.id
        }, function(err, user) {
            if (err) {
                return done(err);
            }

            if (!user) {
                return done(null, false, {
                    message: 'Unknown user'
                });
            }

            if (!user.authenticate(password)) {
                return done(null, false, {
                    message: 'Invalid password'
                });
            }

            return done(null, user);
        });
    }));
};

answered May 12, 2022 at 13:50

KARTHIKEYAN.A's user avatar

KARTHIKEYAN.AKARTHIKEYAN.A

16.7k6 gold badges115 silver badges130 bronze badges

Please remove domain from the username «mydomainuser». please put «user» only. do not put domain and backslash .

You do not use ldaps://examplehost:8080(do not use s with ldaps coz cert is required), use ldap://examplehost:8080 then use non-TLS port number. it worked for me.

answered Jul 19, 2022 at 10:13

Kumaresan Perumal's user avatar

Содержание

  1. LDAP: error code 49 — Invalid Credentials During FileNet Enterprise Manager (FEM) Logon
  2. Troubleshooting
  3. Problem
  4. Symptom
  5. Cause
  6. Diagnosing The Problem
  7. Resolving The Problem
  8. Ldap error invalid credentials error code 49
  9. Asked by:
  10. Question
  11. LDAP Integration — Bind failed: 49: Invalid credentials #4177
  12. Comments
  13. Steps to reproduce
  14. Expected behaviour
  15. Actual behaviour
  16. Server configuration
  17. LDAP configuration (delete this part if not used)
  18. Client configuration
  19. Web server error log
  20. Nextcloud log (data/nextcloud.log)
  21. Browser log
  22. Ldap error invalid credentials error code 49
  23. Asked by:
  24. Question
  25. LDAP Integration — Bind failed: 49: Invalid credentials #4177
  26. Comments
  27. Steps to reproduce
  28. Expected behaviour
  29. Actual behaviour
  30. Server configuration
  31. LDAP configuration (delete this part if not used)
  32. Client configuration
  33. Web server error log
  34. Nextcloud log (data/nextcloud.log)
  35. Browser log

LDAP: error code 49 — Invalid Credentials During FileNet Enterprise Manager (FEM) Logon

Troubleshooting

Problem

Users cannot login to FEM

Symptom

FEM returns a «LDAP: error code 49 — Invalid Credentials»

Cause

1. The credential of the bind user in one of the Directory Configurations is incorrect.
2. The credential of bootstrap user is incorrect

Diagnosing The Problem

Check for Directory Configuration bind user credential is incorrect

1. Check the ping page and confirm that CE has started successfully with no errors.

2. Attempt to login through FEM with a valid user. If the login fails with a LDAP error 49, at least one of the directory configuration bind user credential is incorrect.

Check for bootstrap user credential is incorrect

1. Check the ping page and confirm that CE has started, but the ping page should give a LDAP error 49.

2. Attempt to login through FEM with a valid user. If the login fails with a LDAP error 49, the bootstrap user crenential is incorrect.

Resolving The Problem

Using a third-party tool, login to the LDAP server with directory configuration bind user credential. If login is unsuccessful, contact an LDAP administrator to get the correct password. If login is successful, the bootstrap or bind user credential is incorrect.

Directory Configuration bind user credential is incorrect

Use the GCDUtil tool to modify the Directory Configuration bind user password

Bootstrap user credential is incorrect

Start CMUI tool, run the bootstrap task to update the bootstrap user credentials, and then redeploy CE.

Источник

Ldap error invalid credentials error code 49

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Asked by:

Question

We are developing a LDAP authentication against Active Directory, we met the follow errors, although the username and password are correct.

LDAP: error code 49 — 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece

The user detail is: CN=Peter, Lia ,OU=DEV,OU=HK_U,OU=cita,OU=US,DC=achtest,DC=local

As you may saw, the last name of this user has a backslash, plus a space in CN, we guess it may be the problem, since other users don’t have this problem if the last name of users don’t have a backslash and a space.

However we don’t know how we can add a new user to duplicate this issue, since it’s not way to add a new user with space in the end of name, the Active Directory will auto trim the space when system save the new user to database.

My questions are:

1. Do you have this kind of experience? Any idea to resolve?

2. How we can add a new user with a space in the end of last name? and then we can replicate this issue again?

Источник

LDAP Integration — Bind failed: 49: Invalid credentials #4177

Steps to reproduce

  1. Connect to LDAP Server, Configuration OK. 301 Users found, they show up in User category.
    2.Try to log in with a user, using the ‘username’ displayed in NC
    3.Wrong Password shows up and user is rejected, log says Bind failed: 49: Invalid credentials

Expected behaviour

User should be authenticated and logged in

Actual behaviour

User is rejected

Server configuration

Operating system:
Ubuntu 12.04.5 LTS
Web server:
Apache2
Database:
MySql
PHP version:
PHP 7.0.15-0ubuntu0.16.04.4
Nextcloud version: (see Nextcloud admin page)
11,0,2,7
Updated from an older Nextcloud/ownCloud or fresh install:
Fresh install
Where did you install Nextcloud from:
Tar from official website: Nextcloud-11.0.2.tar.bz2
Signing status:

List of activated apps:

  • activity: 2.4.1
  • admin_audit: 1.1.0
  • comments: 1.1.0
  • dav: 1.1.1
  • federatedfilesharing: 1.1.1
  • federation: 1.1.1
  • files: 1.6.1
  • files_pdfviewer: 1.0.1
  • files_sharing: 1.1.1
  • files_texteditor: 2.2
  • files_trashbin: 1.1.0
  • files_versions: 1.4.0
  • files_videoplayer: 1.0.0
  • firstrunwizard: 2.0
  • gallery: 16.0.0
  • logreader: 2.0.0
  • lookup_server_connector: 1.0.0
  • nextcloud_announcements: 1.0
  • notifications: 1.0.1
  • provisioning_api: 1.1.0
  • serverinfo: 1.1.1
  • sharebymail: 1.0.1
  • survey_client: 0.1.5
  • systemtags: 1.1.3
  • theming: 1.1.1
  • twofactor_backupcodes: 1.0.0
  • updatenotification: 1.1.1
  • user_external: 0.4
  • user_ldap: 1.1.2
  • workflowengine: 1.1.1
    Disabled:
  • encryption
  • external
  • files_accesscontrol
  • files_automatedtagging
  • files_external
  • files_retention
  • password_policy
  • templateeditor
  • user_saml

The content of config/config.php:

Are you using external storage, if yes which one: local/smb/sftp/.
no
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/.
LDAP:
Kerberos with LDAP as login agent

LDAP configuration (delete this part if not used)

Client configuration

Browser:

Operating system:

Web server error log

Nextcloud log (data/nextcloud.log)

+——————————-+————————————————————————————-+
| Configuration | s01 |
+——————————-+————————————————————————————-+
| hasMemberOfFilterSupport | |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | cn=ADMIN,dc=ds,dc=local |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | dc=ds,dc=local |
| ldapBaseGroups | dc=ds,dc=local |
| ldapBaseUsers | ou=people,dc=ds,dc=local |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | uid |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (&(|(objectclass=posixGroup))) |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 1 |
| ldapGroupFilterObjectclass | posixGroup |
| ldapGroupMemberAssocAttr | memberUid |
| ldapHost | teller.ds.local |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(|(objectclass=inetOrgPerson))(uid=%uid)) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 1 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 1 |
| ldapOverrideMainServer | |
| ldapPagingSize | 1000 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | cn |
| ldapUserDisplayName2 | |
| ldapUserFilter | (|(objectclass=inetOrgPerson)(objectclass=krb5Principal)(objectclass=posixAccount)) |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | inetOrgPerson;krb5Principal;posixAccount |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 1 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+——————————-+————————————————————————————-+
+——————————-+—————+
| Configuration | s02 |
+——————————-+—————+
| hasMemberOfFilterSupport | 0 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | |
| ldapBaseGroups | |
| ldapBaseUsers | |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 0 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | uniqueMember |
| ldapHost | |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayName |
| ldapUserDisplayName2 | |
| ldapUserFilter | |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+——————————-+—————+

Browser log

Due to personal info and IP’s I can’t admitt the log. Putting warnings and errors here.
Warning user_ldap Bind failed: 49: Invalid credentials
Warning core Login failed: ‘Username’
Error index OCServerNotAvailableException: Connection to LDAP server could not be established (This one might have showed up when I was tinkering and is probably not a permanent one)
Error PHP ldap_search(): Partial search results returned: Sizelimit exceeded at /var/www/nextcloud/apps/user_ldap/lib/LDAP.php#293

The text was updated successfully, but these errors were encountered:

Источник

Ldap error invalid credentials error code 49

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Asked by:

Question

We are developing a LDAP authentication against Active Directory, we met the follow errors, although the username and password are correct.

LDAP: error code 49 — 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece

The user detail is: CN=Peter, Lia ,OU=DEV,OU=HK_U,OU=cita,OU=US,DC=achtest,DC=local

As you may saw, the last name of this user has a backslash, plus a space in CN, we guess it may be the problem, since other users don’t have this problem if the last name of users don’t have a backslash and a space.

However we don’t know how we can add a new user to duplicate this issue, since it’s not way to add a new user with space in the end of name, the Active Directory will auto trim the space when system save the new user to database.

My questions are:

1. Do you have this kind of experience? Any idea to resolve?

2. How we can add a new user with a space in the end of last name? and then we can replicate this issue again?

Источник

LDAP Integration — Bind failed: 49: Invalid credentials #4177

Steps to reproduce

  1. Connect to LDAP Server, Configuration OK. 301 Users found, they show up in User category.
    2.Try to log in with a user, using the ‘username’ displayed in NC
    3.Wrong Password shows up and user is rejected, log says Bind failed: 49: Invalid credentials

Expected behaviour

User should be authenticated and logged in

Actual behaviour

User is rejected

Server configuration

Operating system:
Ubuntu 12.04.5 LTS
Web server:
Apache2
Database:
MySql
PHP version:
PHP 7.0.15-0ubuntu0.16.04.4
Nextcloud version: (see Nextcloud admin page)
11,0,2,7
Updated from an older Nextcloud/ownCloud or fresh install:
Fresh install
Where did you install Nextcloud from:
Tar from official website: Nextcloud-11.0.2.tar.bz2
Signing status:

List of activated apps:

  • activity: 2.4.1
  • admin_audit: 1.1.0
  • comments: 1.1.0
  • dav: 1.1.1
  • federatedfilesharing: 1.1.1
  • federation: 1.1.1
  • files: 1.6.1
  • files_pdfviewer: 1.0.1
  • files_sharing: 1.1.1
  • files_texteditor: 2.2
  • files_trashbin: 1.1.0
  • files_versions: 1.4.0
  • files_videoplayer: 1.0.0
  • firstrunwizard: 2.0
  • gallery: 16.0.0
  • logreader: 2.0.0
  • lookup_server_connector: 1.0.0
  • nextcloud_announcements: 1.0
  • notifications: 1.0.1
  • provisioning_api: 1.1.0
  • serverinfo: 1.1.1
  • sharebymail: 1.0.1
  • survey_client: 0.1.5
  • systemtags: 1.1.3
  • theming: 1.1.1
  • twofactor_backupcodes: 1.0.0
  • updatenotification: 1.1.1
  • user_external: 0.4
  • user_ldap: 1.1.2
  • workflowengine: 1.1.1
    Disabled:
  • encryption
  • external
  • files_accesscontrol
  • files_automatedtagging
  • files_external
  • files_retention
  • password_policy
  • templateeditor
  • user_saml

The content of config/config.php:

Are you using external storage, if yes which one: local/smb/sftp/.
no
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/.
LDAP:
Kerberos with LDAP as login agent

LDAP configuration (delete this part if not used)

Client configuration

Browser:

Operating system:

Web server error log

Nextcloud log (data/nextcloud.log)

+——————————-+————————————————————————————-+
| Configuration | s01 |
+——————————-+————————————————————————————-+
| hasMemberOfFilterSupport | |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | cn=ADMIN,dc=ds,dc=local |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | dc=ds,dc=local |
| ldapBaseGroups | dc=ds,dc=local |
| ldapBaseUsers | ou=people,dc=ds,dc=local |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | uid |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (&(|(objectclass=posixGroup))) |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 1 |
| ldapGroupFilterObjectclass | posixGroup |
| ldapGroupMemberAssocAttr | memberUid |
| ldapHost | teller.ds.local |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(|(objectclass=inetOrgPerson))(uid=%uid)) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 1 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 1 |
| ldapOverrideMainServer | |
| ldapPagingSize | 1000 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | cn |
| ldapUserDisplayName2 | |
| ldapUserFilter | (|(objectclass=inetOrgPerson)(objectclass=krb5Principal)(objectclass=posixAccount)) |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | inetOrgPerson;krb5Principal;posixAccount |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 1 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+——————————-+————————————————————————————-+
+——————————-+—————+
| Configuration | s02 |
+——————————-+—————+
| hasMemberOfFilterSupport | 0 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | |
| ldapBaseGroups | |
| ldapBaseUsers | |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 0 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | uniqueMember |
| ldapHost | |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayName |
| ldapUserDisplayName2 | |
| ldapUserFilter | |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+——————————-+—————+

Browser log

Due to personal info and IP’s I can’t admitt the log. Putting warnings and errors here.
Warning user_ldap Bind failed: 49: Invalid credentials
Warning core Login failed: ‘Username’
Error index OCServerNotAvailableException: Connection to LDAP server could not be established (This one might have showed up when I was tinkering and is probably not a permanent one)
Error PHP ldap_search(): Partial search results returned: Sizelimit exceeded at /var/www/nextcloud/apps/user_ldap/lib/LDAP.php#293

The text was updated successfully, but these errors were encountered:

Источник

I recently saw my log files as we were experiencing slowness in our application and found the follwoing error message :
javax.naming.AuthenticationException: [LDAP: error code 49 — 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext
error, data 52e, v893]; remaining name ‘dc=hess,dc=pri,dc=com’
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2549)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2523)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1904)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1809)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1734)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:328)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:313)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:238)
at com.retek.rsw.persistence.ldap.LdapRswSecurityDao.getGroupNames(LdapRswSecurityDao.java:197)
at com.retek.rsw.persistence.ldap.LdapRswSecurityDao.authenticateAndReadUser(LdapRswSecurityDao.java:92)
at com.retek.rsw.service.RswSecurity.getUser(RswSecurity.java:47)
at com.retek.rsw.ui.control.security.LoginDoneAction.perform(LoginDoneAction.java:37)
at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1787)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1586)
at com.retek.struts.action.ActionServlet.process(ActionServlet.java:227)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

Can anyone please help me understand this message. I looked it up on the internet and it said that you DN’s are not set properly, if that is the case then none of the users should be able to login then howcome users are able to login?
Thanks in Advance,
Joyce

Понравилась статья? Поделить с друзьями:

Читайте также:

  • Ldap error code 1 000004dc
  • Launcher error ксс
  • Ldap error 82 0x52
  • Launcher error unicode directory path not supported cs go error 0x041d
  • Launcher error unable to open archive file windows 10

  • 0 0 голоса
    Рейтинг статьи
    Подписаться
    Уведомить о
    guest

    0 комментариев
    Старые
    Новые Популярные
    Межтекстовые Отзывы
    Посмотреть все комментарии