Data codes related to 'LDAP: error code 49' wit...

Problem

When IBM® WebSphere® Portal accesses the LDAP (in this case Microsoft® Active Directory), either to start the server or during configuration tasks, "LDAP: error code 49" can be encountered.

Symptom

Generally, the errors SECJ0369E and SECJ0055E are logged in SystemOut.log. The root cause, however, varies, and it can be derived from the values that follow the initial error description. An example is shown below.
From SystemOut.log:

[date/time] 0000000a LdapRegistryI A SECJ0419I: The user registry is currently connected to the LDAP server ldap://<hostname>:389.
[date/time] 0000000a LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece ].
[date/time] 0000000a distContextMa E SECJ0270E: Failed to get actual credentials. The exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
In this case, validate-ldap is the config task that was failing, and from the ConfigTrace.log we see:

action-validate-ldap-was-admin-user:
[ldapcheck] ###########################
[ldapcheck] ldapURL : <hostname>:389
[ldapcheck] ldapUser : CN=wasadmin,OU=WebspherePortal,OU=Service Accounts,DC=select,DC=corp,DC=sem
[ldapcheck] ldapPassword : *********
[ldapcheck] ldapSslEnabled : false
[ldapcheck] javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece ]
[ldapcheck] ERROR: 4
[ldapcheck] Invalid or insufficient authorization privileges.
Target finished: action-validate-ldap-was-admin-user

Cause

The error shown below looks much the same each time there is an LDAP authentication issue:

"The exception is [LDAP: error code 49 - 80090308: LdapErr: DSID-0Cxxxxxx, comment: AcceptSecurityContext error, data xxx, vece ]."

However, several values in it indicate which LDAP function is causing the issue. Here are some general references for Microsoft Active Directory:

The AD-specific error code is the value after "data" and before "vece" or "v893" in the actual error string returned to the binding process.

525 user not found
52e invalid credentials
530 not permitted to logon at this time
531 not permitted to logon at this workstation
532 password expired
533 account disabled
701 account expired
773 user must reset password
775 user account locked

Common Active Directory LDAP bind errors:

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
HEX: 0x525 - user not found
DEC: 1317 - ERROR_NO_SUCH_USER (The specified account does not exist.)
NOTE: Returns when username is invalid.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893
HEX: 0x52e - invalid credentials
DEC: 1326 - ERROR_LOGON_FAILURE (Logon failure: unknown user name or bad password.)
NOTE: Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed, as noted below.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 530, v893
HEX: 0x530 - not permitted to logon at this time
DEC: 1328 - ERROR_INVALID_LOGON_HOURS (Logon failure: account logon time restriction violation.)
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893
HEX: 0x531 - not permitted to logon from this workstation
DEC: 1329 - ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.)
LDAP[userWorkstations: <multivalued list of workstation names>]
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 532, v893
HEX: 0x532 - password expired
DEC: 1330 - ERROR_PASSWORD_EXPIRED (Logon failure: the specified account password has expired.)
LDAP[userAccountControl: <bitmask=0x00800000>] - PASSWORDEXPIRED
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 533, v893
HEX: 0x533 - account disabled
DEC: 1331 - ERROR_ACCOUNT_DISABLED (Logon failure: account currently disabled.)
LDAP[userAccountControl: <bitmask=0x00000002>] - ACCOUNTDISABLE
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 701, v893
HEX: 0x701 - account expired
DEC: 1793 - ERROR_ACCOUNT_EXPIRED (The user's account has expired.)
LDAP[accountExpires: <a value of -1, 0, or an extremely large value indicates the account will not expire>] - ACCOUNTEXPIRED
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 773, v893
HEX: 0x773 - user must reset password
DEC: 1907 - ERROR_PASSWORD_MUST_CHANGE (The user's password must be changed before logging on the first time.)
LDAP[pwdLastSet: <a value of 0 indicates an admin-required password change>] - MUST_CHANGE_PASSWD
NOTE: Returns only when presented with valid username and password/credential.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 775, v893
HEX: 0x775 - account locked out
DEC: 1909 - ERROR_ACCOUNT_LOCKED_OUT (The referenced account is currently locked out and may not be logged on to.)
LDAP[userAccountControl: <bitmask=0x00000010>] - LOCKOUT
NOTE: Returns even if an invalid password is presented.

The DEC: values are not presented in Portal logs; however, reviewing LDAP activity together with SystemOut.log and the relevant configuration tasks can help narrow down the root cause.
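As an added example (not part of the IBM technote), the following Python script applies the rule above: it pulls the hex value between "data" and "vece"/"v893" out of each log line, derives the DEC value that the Portal logs do not show, and maps the code to the cause listed in the table. The sample log lines are constructed from the SystemOut.log and ConfigTrace.log excerpts on this page.

```python
import re

# Added example (not from the IBM technote): pull the AD-specific "data" sub-code
# out of an "LDAP: error code 49" message and map it to the cause listed above.
AD_BIND_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "user account locked",
}

# The DSID differs between domain controllers and the trailing token is "vece" or
# "v893", so both are treated as noise; only the hex value after "data" is captured.
_DATA_CODE_RE = re.compile(
    r"LDAP: error code 49 - 80090308: LdapErr: DSID-[0-9A-Fa-f]+, "
    r"comment: AcceptSecurityContext error, data\s+([0-9A-Fa-f]+), (?:vece|v893)"
)

def extract_data_code(line):
    """Return the lower-case hex sub-code, or None if the line is not an AD error 49."""
    m = _DATA_CODE_RE.search(line)
    return m.group(1).lower() if m else None

def explain(line):
    """Describe the failure; the decimal value is the Win32 error number (DEC: above)."""
    code = extract_data_code(line)
    if code is None:
        return None
    return f"data {code} (DEC {int(code, 16)}): {AD_BIND_DATA_CODES.get(code, 'unknown sub-code')}"

def triage(lines):
    """Return (line number, explanation) for every AD bind failure in a log excerpt."""
    found = ((n, explain(line)) for n, line in enumerate(lines, 1))
    return [(n, why) for n, why in found if why]

# Constructed sample lines modelled on the SystemOut.log and ConfigTrace.log excerpts above.
SAMPLE_LOG = [
    "[date/time] 0000000a LdapRegistryI A SECJ0419I: The user registry is currently connected to the LDAP server ldap://<hostname>:389.",
    "[date/time] 0000000a LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece ].",
    "[ldapcheck] javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data  52e, v893 ]",
]

if __name__ == "__main__":
    for n, why in triage(SAMPLE_LOG):
        print(f"line {n}: {why}")
```

Run it against a real SystemOut.log by reading the file into a list and passing it to triage(); a 52e result should be treated as "bad password or wrong bind DN" before looking for any of the account-state causes, since it masks them.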

Resolving the problem

Use the codes above to verify the settings and users in LDAP.

Reposted from: https://my.oschina.net/u/994081/blog/122073
