Ldap error code 49 80090308 ldaperr dsid 0c090447

LDAP Authentication fails if using sAMAccountName #2936 Comments Steps to reproduce Configure username for connecting to AD with sAMAccountname User name attribute set to sAMAccountName User Object Filter set to (objectCategory=Person)(sAMAccountName=*)) Test configuration with sAMAccountName of a user Expected behaviour Actual behaviour Caution Error : 49 — Invalid credentials 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext […]

Содержание

  1. LDAP Authentication fails if using sAMAccountName #2936
  2. Comments
  3. Steps to reproduce
  4. Expected behaviour
  5. Actual behaviour
  6. Server configuration
  7. Client configuration
  8. Web server error log
  9. Log from the web-browser developer console (CTRL + SHIFT + i)
  10. Ldap error code 49 80090308 ldaperr dsid 0c090447
  11. Microsoft Active Directory LDAP Result Codes sub-codes for Bind Response:#
  12. Users are unable to log in to JIRA (LDAP: error code 49, data 52e)
  13. Atlassian Knowledge Base
  14. On this page
  15. Related content
  16. Still need help?
  17. Problem
  18. Cause
  19. Resolution 1
  20. Resolution 2
  21. Resolution 3
  22. LDAP: error code 49 — 80090308
  23. Confluence Support
  24. Get started
  25. Knowledge base
  26. Products
  27. Jira Software
  28. Jira Service Management
  29. Jira Work Management
  30. Confluence
  31. Bitbucket
  32. Resources
  33. Documentation
  34. Community
  35. System Status
  36. Suggestions and bugs
  37. Marketplace
  38. Billing and licensing
  39. Viewport
  40. Confluence
  41. Users are unable to log in to Confluence (LDAP: error code 49, data 52e)
  42. Related content
  43. Still need help?
  44. Problem
  45. Cause
  46. Resolution 1
  47. Resolution 2

LDAP Authentication fails if using sAMAccountName #2936

Steps to reproduce

  1. Configure username for connecting to AD with sAMAccountname
  2. User name attribute set to sAMAccountName
  3. User Object Filter set to (objectCategory=Person)(sAMAccountName=*))
  4. Test configuration with sAMAccountName of a user

Expected behaviour

Actual behaviour

Caution
Error : 49 — Invalid credentials
80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839

Server configuration

Operating system:
Alpine Linux

Web server:
Apache

Database:
Amazon Aurora RDS (mysql 5.7)

PHP version:
7.4

Teampass version:
3.0.0.8

Teampass configuration file:

Updated from an older Teampass or fresh install:
PLEASE attach to this issue the file /includes/config/tp.config.php .

Client configuration

Browser:

Operating system:

Web server error log

Log from the web-browser developer console (CTRL + SHIFT + i)

The text was updated successfully, but these errors were encountered:

Hello,
I have similar setup and it works smoothly.

While googling your error, I found this page https://ldapwiki.com/wiki/Common%20Active%20Directory%20Bind%20Errors
Perhaps this could help you but I don’t see how the Adldap could be wrong there.
I would be greatly interested in having any feedback.
Perhaps something needs to be robustified.

This is the error I keep getting. I even get the same error when testing and using my own credentials which I know work.

weird thing. If I use cn as the username with which to bind, change the username attribute to cn and then test the configuration with the following:

«firstname» «surname» (theres a space between the two), it succesfully passes. as soon as I change back to samaccountname it fails. @nilsteampassnet the only difference i can see between both of our configs is that you are using OpenLDAP whereas I am using Active Directory.

I did read somewhere about issues when the cn and samaccountname’s are different, but I cannot seem to find that link again and dont even know if this is a valid reason?

hi @nilsteampassnet. Do you have any further updates on this?

Has anyone got TeamPass 3.0.0.8 working using samAccountName with Active Directory?

For the life of me I can get LDAP to work. We have an old version of teampass (2.1.23) and rather than going through the upgrade path, I figured maybe installing the latest version would be better and then just manually transfer the passwords over.

Installation of 3.0.0.7 went fine but I can’t get LDAP to function. I updated 3.0.0.7 to 3.0.0.8, and while I no longer get the «couldn’t connect to LDAP» error, I’m either getting an authentication error or just «in progress» with errors in the apache log.

I’ve tried all sorts of combinations. I can’t upload pictures from work, but if I use as the bind user the full distinguished name like for example:

User name attribute : cn

Then in the logs I get:

Uncaught LdapRecord\Query\ObjectNotFoundException: No LDAP query results for filter: [(**cn=CN=**sa_ldap,OU=ServiceAccounts,OU=foo,DC=bar,DC=com)] in: [] in /opt/websites/teampass-3.0.0.7/includes/libraries/LdapRecord/Query/ObjectNotFoundException.php

It adds this double CN=. Tried without, no luck. I must be doing something wrong. Is anyone getting LDAP to work with AD?

sAMAccountName does not work as others pointed out.

Источник

Ldap error code 49 80090308 ldaperr dsid 0c090447

When you see an entry similar to:

The hex values will resolve to a Microsoft Response Code that may provide more information.

Microsoft Active Directory LDAP Result Codes sub-codes for Bind Response:#

Code hex DEC Short Description More Information Comments
49 525 1317 LDAP_NO_SUCH_OBJECT Entry does not exist.
49 52e 1326 ERROR_LOGON_FAILURE Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.
49 52f 1327 ERROR_ACCOUNT_RESTRICTION Account Restrictions are preventing this user from signing in. For example: blank passwords aren’t allowed, sign-in times are limited, or a policy restriction has been enforced.
49 530 1328 ERROR_INVALID_LOGON_HOURS Time Restriction:Entry logon time restriction violation
49 531 1329 ERROR_INVALID_WORKSTATION Device Restriction:Entry not allowed to log on to this computer.
49 532 1330 ERROR_PASSWORD_EXPIRED Password Expiration: Entry password has expired LDAP User-Account-Control Attribute — ERROR_PASSWORD_EXPIRED NOTE: Returns only when presented with valid username and password/credential.
49 533 1331 ERROR_ACCOUNT_DISABLED Administratively Disabled: LDAP User-Account-Control Attribute — ACCOUNTDISABLE NOTE: Returns only when presented with valid username and password/credential.
49 568 1384 ERROR_TOO_MANY_CONTEXT_IDS During a logon attempt, the user’s security context accumulated too many security Identifiers. (ie Group-AD)
49 701 1793 ERROR_ACCOUNT_EXPIRED LDAP Password Expiration: User-Account-Control Attribute — ACCOUNTEXPIRED NOTE: Returns only when presented with valid username and password/credential.
49 773 1907 ERROR_PASSWORD_MUST_CHANGE Password Expiration: Entry’s password must be changed before logging on LDAP pwdLastSet: value of 0 indicates admin-required password change — MUST_CHANGE_PASSWD NOTE: Returns only when presented with valid username and password/credential.
49 775 1909 ERROR_ACCOUNT_LOCKED_OUT Intruder Detection:Entry is currently locked out and may not be logged on to LDAP User-Account-Control Attribute — LOCKOUT NOTE: Returns even if invalid password is presented
49 80090346 .. ERROR_ACCOUNT_LOCKED_OUT AcceptSecurityContext error SEC_E_BAD_BINDINGS — Client’s supplied Security Support Provider Interface (SSPI) Channel Bindings were incorrect.

Common Active Directory Bind Errors will often be shown within the Windows Event Log as Event 4625

Источник

Users are unable to log in to JIRA (LDAP: error code 49, data 52e)

Atlassian Knowledge Base

On this page

Related content

Still need help?

The Atlassian Community is here for you.

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the server and data center platforms .

Problem

Users are unable to log in. Nothing has changed in JIRA side.

The following appears in the atlassian-jira .log:

Cause

LDAP Error 49 data 52e means that the credentials of the user configured to bind LDAP directory with JIRA are incorrect, as described here: https://confluence.atlassian.com/kb/common-user-management-errors-820119309.html#CommonUserManagementErrors-ActiveDirectoryError49

This can happen when that user is either removed or has its password changed from LDAP side.

Resolution 1

Follow the steps outlined at Restore Passwords To Recover Admin User Rights. By doing so, you’ll be able to access the User Directory settings and change the «Username» field with a valid admin user or change the «Password» field with the new password, allowing JIRA to connect to LDAP.

Resolution 2

Alternatively, you can run the following query against your database to find out which one is the admin account that JIRA uses to connect to the LDAP:

Note: The query may return multiple results in case you have more than one User Directory in your JIRA instance.

Re-adding the user back to the LDAP with the same password should resolve the issue.

Resolution 3

As JIRA storing LDAP Login credential in the database without encryption, you may also update those LDAP credential in your database:

lDAP Password Field

LDAP User Name Field

attribute_value is the fields which storing those data.

Always perform a backup before you perform edit/update query in the database. It is also highly recommended for you to perform this in a test instance before proceeding with production instance.

Источник

LDAP: error code 49 — 80090308

I recently saw my log files as we were experiencing slowness in our application and found the follwoing error message :
javax.naming.AuthenticationException: [LDAP: error code 49 — 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext
error, data 52e, v893]; remaining name ‘dc=hess,dc=pri,dc=com’
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2549)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2523)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1904)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1809)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1734)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:328)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:313)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:238)
at com.retek.rsw.persistence.ldap.LdapRswSecurityDao.getGroupNames(LdapRswSecurityDao.java:197)
at com.retek.rsw.persistence.ldap.LdapRswSecurityDao.authenticateAndReadUser(LdapRswSecurityDao.java:92)
at com.retek.rsw.service.RswSecurity.getUser(RswSecurity.java:47)
at com.retek.rsw.ui.control.security.LoginDoneAction.perform(LoginDoneAction.java:37)
at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1787)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1586)
at com.retek.struts.action.ActionServlet.process(ActionServlet.java:227)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

Can anyone please help me understand this message. I looked it up on the internet and it said that you DN’s are not set properly, if that is the case then none of the users should be able to login then howcome users are able to login?
Thanks in Advance,
Joyce

Источник

Confluence Support

Get started

Knowledge base

Products

Jira Software

Project and issue tracking

Jira Service Management

Service management and customer support

Jira Work Management

Manage any business project

Confluence

Bitbucket

Git code management

Resources

Documentation

Usage and admin help

Answers, support, and inspiration

System Status

Cloud services health

Suggestions and bugs

Feature suggestions and bug reports

Marketplace

Billing and licensing

Frequently asked questions

Viewport

Confluence

Users are unable to log in to Confluence (LDAP: error code 49, data 52e)

Related content

Still need help?

The Atlassian Community is here for you.

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the server and data center platforms .

Problem

Users are unable to log in. Nothing has changed in Confluence side.

The following appears in the atlassian.confluence.log:

Cause

LDAP Error 49 data 52e means that the credentials of the user configured to bind LDAP directory with Confluence are incorrect, as described here: https://confluence.atlassian.com/kb/common-user-management-errors-820119309.html#CommonUserManagementErrors-ActiveDirectoryError49

This can happen when that user is either removed or has its password changed from LDAP side.

Resolution 1

Follow the steps outlined at Restore Passwords To Recover Admin User Rights. By doing so, you’ll be able to access the User Directory settings and change the «Username» field with a valid admin user or change the «Password» field with the new password, allowing Confluence to connect to LDAP.

Resolution 2

Alternatively, you can run the following query against your database to find out which one is the admin account that Confluence uses to connect to the LDAP:

Note: The query may return multiple results in case you have more than one User Directory in your Confluence instance.

Re-adding the user back to the LDAP with the same password should resolve the issue.

Источник

LDAP: error code 49 — 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

I know «52e» code is when username is valid, but password is invalid. I am using the same user name and password in my apache studio, I was able to establish the connection succesfully to LDAP.

Here is my java code

    String userName = "*******";
    String password = "********";
    String base ="DC=PSLTESTDOMAIN,DC=LOCAL";
    String dn = "cn=" + userName + "," + base;  
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://******");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, dn);
    env.put(Context.SECURITY_CREDENTIALS, password);
    LDAPAuthenticationService ldap = new LDAPAuthenticationService();
   // LdapContext ctx;
    DirContext ctx = null;
    try {
        ctx = new InitialDirContext(env);

My error is on this line: ctx = new InitialDirContext(env);

I do not know what exactly is causing this error.

simbabque's user avatar

simbabque

53.5k8 gold badges77 silver badges133 bronze badges

asked Jul 14, 2015 at 15:59

anusha vannela's user avatar

0

For me the issue resolved when I set the principal section like this:

env.put(Context.SECURITY_PRINCIPAL, userId@domainWithoutProtocolAndPortNo);

answered Nov 9, 2016 at 15:45

Vishal's user avatar

VishalVishal

1,8332 gold badges19 silver badges22 bronze badges

4

In my case I have to use something like <username>@<domain> to successfully login.

sample_user@sample_domain

smonff's user avatar

smonff

3,3513 gold badges39 silver badges46 bronze badges

answered Sep 24, 2018 at 7:50

Linh Nguyen's user avatar

Linh NguyenLinh Nguyen

2012 silver badges8 bronze badges

When you use Context.SECURITY_AUTHENTICATION as «simple», you need to supply the userPrincipalName attribute value (user@domain_base).

answered Oct 9, 2018 at 16:19

MAW's user avatar

MAWMAW

8738 silver badges22 bronze badges

I had a similar issue when using AD on CAS , i.e. 52e error, In my case application accepts the Full Name when in the form of CN= instead of the actual username.

For example, if you had a user who’s full name is Ross Butler and their login username is rbutler —you would normally put something like, cn=rbutler,ou=Users,dc=domain,dc=com but ours failed everytime. By changing this to cn=Ross Butler,ou=Users,dc=domain,dc=com it passed!!

answered Jun 23, 2017 at 5:46

Count's user avatar

CountCount

1,3652 gold badges19 silver badges38 bronze badges

1

For me the issue is resolved by adding domain name in user name as follow:

string userName="yourUserName";
string password="passowrd";
string hostName="LdapServerHostName";
string domain="yourDomain";
System.DirectoryServices.AuthenticationTypes option = System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer; 
string userNameWithDomain = string.Format("{0}@{1}",userName , domain);
DirectoryEntry directoryOU = new DirectoryEntry("LDAP://" + hostName, userNameWithDomain, password, option);

answered Nov 23, 2018 at 7:14

Mahsh Nikam's user avatar

if you debug and loook at ctx=null,maybe your username hava proble ,you shoud write like
«acadministrator»(double «») or «administrator@ac»

answered Jul 5, 2019 at 3:34

HaoSi's user avatar

HaoSiHaoSi

211 bronze badge

0

For me the cause of the issue was that the format of username was incorrect. It was earlierly specified as «mydomainuser». I removed the domain part and the error was gone.

PS I was using ServerBind authentication.

answered Feb 24, 2021 at 14:02

arslanahmad656's user avatar

1

LDAP is trying to authenticate with AD when sending a transaction to another server DB. This authentication fails because the user has recently changed her password, although this transaction was generated using the previous credentials. This authentication will keep failing until … unless you change the transaction status to Complete or Cancel in which case LDAP will stop sending these transactions.

answered Apr 13, 2017 at 20:40

Ebrahim's user avatar

For me issue is resolved by changing envs like this:

 env.put("LDAP_BASEDN", base)
 env.put(Context.SECURITY_PRINCIPAL,"user@domain")

answered Aug 28, 2019 at 7:52

user3917389's user avatar

1

Using domain Name may solve the problem (get domain name using powershell: $env:userdomain):

    Hashtable<String, Object> env = new Hashtable<String, Object>();
    String principalName = "domainName\userName";
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://URL:389/OU=ou-xx,DC=fr,DC=XXXXXX,DC=com");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, principalName);
    env.put(Context.SECURITY_CREDENTIALS, "Your Password");

    try {
        DirContext authContext = new InitialDirContext(env);
        // user is authenticated
        System.out.println("USER IS AUTHETICATED");
    } catch (AuthenticationException ex) {
        // Authentication failed
        System.out.println("AUTH FAILED : " + ex);

    } catch (NamingException ex) {
        ex.printStackTrace();
    }

answered Feb 7, 2020 at 11:35

Praveen Gopal's user avatar

2

I’ve tested three diferent approaches and them all worked:

env.put(Context.SECURITY_PRINCIPAL, "user");
env.put(Context.SECURITY_PRINCIPAL, "user@domain.com");
env.put(Context.SECURITY_PRINCIPAL, "CN=user,OU=one,OU=two,DC=domain,DC=com");

If you use the last one, don’t forget to set all the OU’s where the user belongs to. Otherwise it won’t work.

answered Jan 27, 2022 at 15:57

Sergio Gabari's user avatar

In my case I misconfigured email credentials then I corrected

var passport = require('passport'),
    WindowsStrategy = require('passport-windowsauth'),
    User = require('mongoose').model('User');

module.exports = function () {
    passport.use(new WindowsStrategy({ldap: {
        url:            'ldap://corp.company.com:389/DC=corp,DC=company,DC=com',
        base:           'DC=corp,DC=company,DC=com',
        bindDN:         'myid@corp.company.com',
        bindCredentials:'password',
        tlsOptions: {
            ca: [fs.readFileSync("./cert.pem")],
          },
    }, integrated: false},
    function(profile, done) {
        console.log('Windows');
        console.log(profile);
        User.findOrCreate({
            username: profile.id
        }, function(err, user) {
            if (err) {
                return done(err);
            }

            if (!user) {
                return done(null, false, {
                    message: 'Unknown user'
                });
            }

            if (!user.authenticate(password)) {
                return done(null, false, {
                    message: 'Invalid password'
                });
            }

            return done(null, user);
        });
    }));
};

answered May 12, 2022 at 13:50

KARTHIKEYAN.A's user avatar

KARTHIKEYAN.AKARTHIKEYAN.A

16.7k6 gold badges115 silver badges130 bronze badges

Please remove domain from the username «mydomainuser». please put «user» only. do not put domain and backslash .

You do not use ldaps://examplehost:8080(do not use s with ldaps coz cert is required), use ldap://examplehost:8080 then use non-TLS port number. it worked for me.

answered Jul 19, 2022 at 10:13

Kumaresan Perumal's user avatar

LDAP: error code 49 — 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

I know «52e» code is when username is valid, but password is invalid. I am using the same user name and password in my apache studio, I was able to establish the connection succesfully to LDAP.

Here is my java code

    String userName = "*******";
    String password = "********";
    String base ="DC=PSLTESTDOMAIN,DC=LOCAL";
    String dn = "cn=" + userName + "," + base;  
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://******");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, dn);
    env.put(Context.SECURITY_CREDENTIALS, password);
    LDAPAuthenticationService ldap = new LDAPAuthenticationService();
   // LdapContext ctx;
    DirContext ctx = null;
    try {
        ctx = new InitialDirContext(env);

My error is on this line: ctx = new InitialDirContext(env);

I do not know what exactly is causing this error.

simbabque's user avatar

simbabque

53.5k8 gold badges77 silver badges133 bronze badges

asked Jul 14, 2015 at 15:59

anusha vannela's user avatar

0

For me the issue resolved when I set the principal section like this:

env.put(Context.SECURITY_PRINCIPAL, userId@domainWithoutProtocolAndPortNo);

answered Nov 9, 2016 at 15:45

Vishal's user avatar

VishalVishal

1,8332 gold badges19 silver badges22 bronze badges

4

In my case I have to use something like <username>@<domain> to successfully login.

sample_user@sample_domain

smonff's user avatar

smonff

3,3513 gold badges39 silver badges46 bronze badges

answered Sep 24, 2018 at 7:50

Linh Nguyen's user avatar

Linh NguyenLinh Nguyen

2012 silver badges8 bronze badges

When you use Context.SECURITY_AUTHENTICATION as «simple», you need to supply the userPrincipalName attribute value (user@domain_base).

answered Oct 9, 2018 at 16:19

MAW's user avatar

MAWMAW

8738 silver badges22 bronze badges

I had a similar issue when using AD on CAS , i.e. 52e error, In my case application accepts the Full Name when in the form of CN= instead of the actual username.

For example, if you had a user who’s full name is Ross Butler and their login username is rbutler —you would normally put something like, cn=rbutler,ou=Users,dc=domain,dc=com but ours failed everytime. By changing this to cn=Ross Butler,ou=Users,dc=domain,dc=com it passed!!

answered Jun 23, 2017 at 5:46

Count's user avatar

CountCount

1,3652 gold badges19 silver badges38 bronze badges

1

For me the issue is resolved by adding domain name in user name as follow:

string userName="yourUserName";
string password="passowrd";
string hostName="LdapServerHostName";
string domain="yourDomain";
System.DirectoryServices.AuthenticationTypes option = System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer; 
string userNameWithDomain = string.Format("{0}@{1}",userName , domain);
DirectoryEntry directoryOU = new DirectoryEntry("LDAP://" + hostName, userNameWithDomain, password, option);

answered Nov 23, 2018 at 7:14

Mahsh Nikam's user avatar

if you debug and loook at ctx=null,maybe your username hava proble ,you shoud write like
«acadministrator»(double «») or «administrator@ac»

answered Jul 5, 2019 at 3:34

HaoSi's user avatar

HaoSiHaoSi

211 bronze badge

0

For me the cause of the issue was that the format of username was incorrect. It was earlierly specified as «mydomainuser». I removed the domain part and the error was gone.

PS I was using ServerBind authentication.

answered Feb 24, 2021 at 14:02

arslanahmad656's user avatar

1

LDAP is trying to authenticate with AD when sending a transaction to another server DB. This authentication fails because the user has recently changed her password, although this transaction was generated using the previous credentials. This authentication will keep failing until … unless you change the transaction status to Complete or Cancel in which case LDAP will stop sending these transactions.

answered Apr 13, 2017 at 20:40

Ebrahim's user avatar

For me issue is resolved by changing envs like this:

 env.put("LDAP_BASEDN", base)
 env.put(Context.SECURITY_PRINCIPAL,"user@domain")

answered Aug 28, 2019 at 7:52

user3917389's user avatar

1

Using domain Name may solve the problem (get domain name using powershell: $env:userdomain):

    Hashtable<String, Object> env = new Hashtable<String, Object>();
    String principalName = "domainName\userName";
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://URL:389/OU=ou-xx,DC=fr,DC=XXXXXX,DC=com");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, principalName);
    env.put(Context.SECURITY_CREDENTIALS, "Your Password");

    try {
        DirContext authContext = new InitialDirContext(env);
        // user is authenticated
        System.out.println("USER IS AUTHETICATED");
    } catch (AuthenticationException ex) {
        // Authentication failed
        System.out.println("AUTH FAILED : " + ex);

    } catch (NamingException ex) {
        ex.printStackTrace();
    }

answered Feb 7, 2020 at 11:35

Praveen Gopal's user avatar

2

I’ve tested three diferent approaches and them all worked:

env.put(Context.SECURITY_PRINCIPAL, "user");
env.put(Context.SECURITY_PRINCIPAL, "user@domain.com");
env.put(Context.SECURITY_PRINCIPAL, "CN=user,OU=one,OU=two,DC=domain,DC=com");

If you use the last one, don’t forget to set all the OU’s where the user belongs to. Otherwise it won’t work.

answered Jan 27, 2022 at 15:57

Sergio Gabari's user avatar

In my case I misconfigured email credentials then I corrected

var passport = require('passport'),
    WindowsStrategy = require('passport-windowsauth'),
    User = require('mongoose').model('User');

module.exports = function () {
    passport.use(new WindowsStrategy({ldap: {
        url:            'ldap://corp.company.com:389/DC=corp,DC=company,DC=com',
        base:           'DC=corp,DC=company,DC=com',
        bindDN:         'myid@corp.company.com',
        bindCredentials:'password',
        tlsOptions: {
            ca: [fs.readFileSync("./cert.pem")],
          },
    }, integrated: false},
    function(profile, done) {
        console.log('Windows');
        console.log(profile);
        User.findOrCreate({
            username: profile.id
        }, function(err, user) {
            if (err) {
                return done(err);
            }

            if (!user) {
                return done(null, false, {
                    message: 'Unknown user'
                });
            }

            if (!user.authenticate(password)) {
                return done(null, false, {
                    message: 'Invalid password'
                });
            }

            return done(null, user);
        });
    }));
};

answered May 12, 2022 at 13:50

KARTHIKEYAN.A's user avatar

KARTHIKEYAN.AKARTHIKEYAN.A

16.7k6 gold badges115 silver badges130 bronze badges

Please remove domain from the username «mydomainuser». please put «user» only. do not put domain and backslash .

You do not use ldaps://examplehost:8080(do not use s with ldaps coz cert is required), use ldap://examplehost:8080 then use non-TLS port number. it worked for me.

answered Jul 19, 2022 at 10:13

Kumaresan Perumal's user avatar

Troubleshooting

Problem

BMXAA6765E — The LdapSyncCronTask could not be started

Symptom

Ldapsync fails with error BMXAA6765E — The LdapSyncCronTask could not be started. Log shows caused by — Caused by:

javax.naming.AuthenticationException: [LDAP: error code 49 — 80090308:

LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525,

vece]

Resolving The Problem

Error 49

indicates incorrect credentials which means that the password is

incorrectly defined for the principal user. In the LDAP Sync Cron Task

setup screen, locate the credential parameter for this Cron Task

instance and re-enter the password. Save the cron task, and then restart

the MXServer. Many Cron Task parameters require the MXServer to be

restarted.

[{«Product»:{«code»:»SSLKT6″,»label»:»IBM Maximo Asset Management»},»Business Unit»:{«code»:»BU055″,»label»:»Cognitive Applications»},»Component»:»—«,»Platform»:[{«code»:»PF016″,»label»:»Linux»},{«code»:»PF027″,»label»:»Solaris»},{«code»:»PF033″,»label»:»Windows»},{«code»:»PF010″,»label»:»HP-UX»},{«code»:»PF002″,»label»:»AIX»}],»Version»:»6.2.1;6.2.2;6.2.3;6.2.4;6.2.5;6.2.6;6.2.7;6.2.8;7.1;7.2;7.2.1;7.5;7.6″,»Edition»:»»,»Line of Business»:{«code»:»LOB59″,»label»:»Sustainability Software»}},{«Product»:{«code»:»SSWK4A»,»label»:»Maximo Asset Management Essentials»},»Business Unit»:{«code»:»BU059″,»label»:»IBM Software w/o TPS»},»Component»:» «,»Platform»:[{«code»:»»,»label»:»»}],»Version»:»»,»Edition»:»»,»Line of Business»:{«code»:»LOB59″,»label»:»Sustainability Software»}},{«Product»:{«code»:»SSLKTY»,»label»:»Maximo Asset Management for IT»},»Business Unit»:{«code»:»BU053″,»label»:»Cloud & Data Platform»},»Component»:» «,»Platform»:[{«code»:»»,»label»:»»}],»Version»:»»,»Edition»:»»,»Line of Business»:{«code»:»LOB59″,»label»:»Sustainability Software»}},{«Product»:{«code»:»SS6HJK»,»label»:»Tivoli Service Request Manager»},»Business Unit»:{«code»:»BU053″,»label»:»Cloud & Data Platform»},»Component»:» «,»Platform»:[{«code»:»»,»label»:»»}],»Version»:»»,»Edition»:»»,»Line of Business»:{«code»:»LOB59″,»label»:»Sustainability Software»}}]

Понравилась статья? Поделить с друзьями:

Читайте также:

  • Ldap error code 49 80090308 data 52e
  • Launcher exe application error
  • Ldap error code 32 no such object
  • Ldap error code 10 0000202b
  • Launcher error пятница 13

  • 0 0 голоса
    Рейтинг статьи
    Подписаться
    Уведомить о
    guest

    0 комментариев
    Старые
    Новые Популярные
    Межтекстовые Отзывы
    Посмотреть все комментарии