#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2003
    Posts
    2
    Rep Power
    0

    javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-


    Hello People,
    I am trying to connect to Active Directory through jNDI and i keep getting the following error. I saw a lot of people asking hte same question, but no one ever put the solution they found. Can any one be considerable to help me.

    Thanks

    javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893


    The following is my DirContext settings

    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");

    env.put(Context.PROVIDER_URL,"ldap://hodcserver.howost.strykercorp.com:389");

    env.put(Context.SECURITY_AUTHENTICATION,"simple");

    env.put(Context.SECURITY_PRINCIPAL,"uid=userName,ou=Information Technology Team,ou=New Jersey,dc=ost,dc=srcorp,dc=com");

    env.put(Context.SECURITY_CREDENTIALS,"pass");
  2. #2
  3. Chris Larivee
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2003
    Location
    Littleton, CO
    Posts
    72
    Rep Power
    11
    Error code 49 is the equivalent of bad credentials at login. If you are trying to connect to AD the best method is to bind using sAMAccountName@corp.XXX.com as the user instead of the standard full DN

    HTH
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2003
    Posts
    2
    Rep Power
    0

    Sam Account Binding Code


    Hi,
    Thanks for your reply. I was trying to figure out how i will bind the sam account instead of complete DN, Can you pls, pls provide me with syntax.

    Regards
    VIk
  6. #4
  7. Chris Larivee
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2003
    Location
    Littleton, CO
    Posts
    72
    Rep Power
    11
    So I am not so good with the java - but I would imagine you would bind by replacing

    "uid=userName,ou=Information Technology Team,ou=New Jersey,dc=ost,dc=srcorp,dc=com"

    with
    "useraccountname@corp.xxx.com"

    - where useraccountname is the login ID and XXX is the domain your AD runs in ...

    Comments on this post

    • Viper_SB agrees
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2006
    Posts
    1
    Rep Power
    0
    Thanks ldap4you,
    in your post I found the solution for my problem!
    And for all others: you must use the strange syntax which ldap4you described, if you want to contact AD.
    I tested it first with the LDAP Browser\Editor v2.8.2 by Derek Gawor, which is good tool.
    Good Luck for everybody!
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2007
    Posts
    1
    Rep Power
    0

    LDAP Authentication Error


    HI, I am also facing with the same problem. I tried with the LDAP browser, saying "Insufficient Access" or "Credential" problem. Can you please tell how you tested it and how it got resolved?

    you can mail me directly to(E-Mail address blocked: See forum rules)

    Thanks in advance.

    Regards,
    Chandu.

    Originally Posted by bernielamotta
    Thanks ldap4you,
    in your post I found the solution for my problem!
    And for all others: you must use the strange syntax which ldap4you described, if you want to contact AD.
    I tested it first with the LDAP Browser\Editor v2.8.2 by Derek Gawor, which is good tool.
    Good Luck for everybody!
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2009
    Posts
    1
    Rep Power
    0
    Thank you sooooo much I didn't try it with the domain name at the end!


    Originally Posted by ldap4u
    Error code 49 is the equivalent of bad credentials at login. If you are trying to connect to AD the best method is to bind using sAMAccountName@corp.XXX.com as the user instead of the standard full DN

    HTH
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2009
    Posts
    1
    Rep Power
    0
    Hi all,

    I am getting the same error. Please let me explain what i have encountered.

    In the active directory (version 2003), the administrator can actually limit the access of a particular user to a certain workstation. This can be set by putting the workstation host name or IP (which is allowed to accessed by the user) into a "log on to" list (at the user level). If the administrator wants the user to be able to log on to any workstation, then he / she can check on the "log on to all computer" in the same screen.

    When my user has been set to "log on to all computer", i don't encounter the error message i.e. error code 49, as mentioned in the subject of this topic. However, when a particular user has been limited to only access to his own workstation, the error appears. However, if the Active Directory server host name or IP has been added into the "log on to" list, the authentication is successful.

    My web application is actually running on an application server and the user is using Internet Explorer to login to my application. The application server has been joined to the same domain as the Active Directory server. My question is, is it a must that the Active Directory server name be added to the "log on to" list of that particular user in order for it to be authenticated by Active Directory. I have been cracking my head for this but still i can't think of any solution for this. I definitely don't want to add the AD server name into the list as this will give the user rights to login to the AD server. Any advise would be of great help. Thanks a million in advance.
  16. #9
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2011
    Location
    beijing Chinese
    Posts
    1
    Rep Power
    0

    Smile LDAP: error code 49 - 80090308:data 531


    hello edwtsen:
    I am getting the same error! Please tell me how you solve this problem?
    this is my email <leiyan87@gmail.com>!
    Think you!!!

    Originally Posted by edwtsen
    Hi all,

    I am getting the same error. Please let me explain what i have encountered.

    In the active directory (version 2003), the administrator can actually limit the access of a particular user to a certain workstation. This can be set by putting the workstation host name or IP (which is allowed to accessed by the user) into a "log on to" list (at the user level). If the administrator wants the user to be able to log on to any workstation, then he / she can check on the "log on to all computer" in the same screen.

    When my user has been set to "log on to all computer", i don't encounter the error message i.e. error code 49, as mentioned in the subject of this topic. However, when a particular user has been limited to only access to his own workstation, the error appears. However, if the Active Directory server host name or IP has been added into the "log on to" list, the authentication is successful.

    My web application is actually running on an application server and the user is using Internet Explorer to login to my application. The application server has been joined to the same domain as the Active Directory server. My question is, is it a must that the Active Directory server name be added to the "log on to" list of that particular user in order for it to be authenticated by Active Directory. I have been cracking my head for this but still i can't think of any solution for this. I definitely don't want to add the AD server name into the list as this will give the user rights to login to the AD server. Any advise would be of great help. Thanks a million in advance.
  18. #10
  19. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2013
    Posts
    2
    Rep Power
    0

    javax.naming.AuthenticationException: [LDAP: error code 49 - Explicit authentication


    I previously having our AD on 389 port using LDAP .now during migration we are going to use VDS instead of AD on port 636 and LDAPS protocol. DUring authentication with VDS my application is failing with error


    javax.naming.AuthenticationException: [LDAP: error code 49 - Explicit authentication failed]


    Could you please help me in this issue. I tried username i.e.Context.SECURITY_PRINCIPAL

    by various ways but still fails with same.


    previously i was getting error


    javax.naming.CommunicationException: simple bind failed: vds-xxx.xx.com:636[Root exception is javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:No trusted certificate found]


    But i installed all the certificates manually using mmc command and its removed. But above error just frustrating me from last 2 days.



    My application code is in java...

    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldaps://vds-us.xxx.com:636");

    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "svc_appadquery");
    env.put(Context.SECURITY_CREDENTIALS, "zqHw2re$");

    this service account is created in pharma domain and dc=vds,dc=enterprise



    Please help me in this.
  20. #11
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2013
    Posts
    2
    Rep Power
    0

    javax.naming.AuthenticationException: [LDAP: error code 49 - Explicit authentication


    we previously having our AD on 389 port using LDAP .now during migration we are going to use VDS instead of AD on port 636 and LDAPS protocol. DUring authentication with VDS my application is failing with error


    javax.naming.AuthenticationException: [LDAP: error code 49 - Explicit authentication failed]


    Could you please help me in this issue. I tried username i.e.Context.SECURITY_PRINCIPAL

    by various ways but still fails with same.


    previously i was getting error


    javax.naming.CommunicationException: simple bind failed: vds-xxx.xx.com:636[Root exception is javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:No trusted certificate found]


    But i installed all the certificates manually using mmc command and its removed. But above error just frustrating me from last 2 days.



    My application code is in java...

    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldaps://vds-us.xxx.com:636");

    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "svc_appadquery");
    env.put(Context.SECURITY_CREDENTIALS, "zqHw2re$");

    this service account is created in pharma domain and dc=vds,dc=enterprise



    Please help me in this.

IMN logo majestic logo threadwatch logo seochat tools logo