#1
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2002
    Posts
    410
    Rep Power
    20

    LDAP for Active Directory


    I have a program using Active Directory (Windows 2003 R1) via LDAP. All worked well.

    However, when I installed one more Domain Controller (Win 2003 R2), which is turned off as a spare, the program sometimes works but sometimes fails.

    The program is configured to use the original server only. What is wrong with having more than one Domain Controller?
    ------------------------------------------
    Perl Kids Kiss Perl
    Stanley
    ------------------------------------------
  2. #2
  3. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2002
    Posts
    410
    Rep Power
    20
    After checking, the following error occurs:
    Code:
    2007-05-14 10:28:40,541 DEBUG [org.acegisecurity.ui.webapp.AuthenticationProcessingFilter] - Authentication request failed: org.acegisecurity.AuthenticationServiceException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 531, vece ]]; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 531, vece ]]
    What does the error mean? How can I solve it?
    ------------------------------------------
    Perl Kids Kiss Perl
    Stanley
    ------------------------------------------
  4. #3
  5. Psycho Canadian
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Jan 2001
    Location
    Canada
    Posts
    4,846
    Rep Power
    635
    Maybe a bug in it? I'm not sure about multiple domain controllers; I only use it with one, AFAIK.
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2008
    Posts
    2
    Rep Power
    0
    This is the error


    80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893
    HEX: 0531 - not permitted to logon from this workstation
    DEC: 1329 - ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.)
    LDAP[userWorkstations: <multivalued list of workstation names>]
    NOTE: Returns only when presented with valid username and password/credential.
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2008
    Posts
    2
    Rep Power
    0
    That is because the account you are using to log in is set to allow login to some specific workstation only.
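Added example, not part of the original thread: a small Python parser that extracts the `data` sub-code from Active Directory "error code 49" bind failures like the ones quoted above and maps it to the Win32 logon error. The function and table names are assumptions made for this example; only sub-code 531 is explained in the thread, the other table entries are standard Win32 error codes, and the sample line is shortened from post #2.

```python
import re

# Hex "data" sub-code -> (Win32 constant, meaning). Only 531 comes from the
# thread; the other rows are standard Win32 logon errors added for context.
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "user not found"),
    0x52E: ("ERROR_LOGON_FAILURE", "invalid credentials"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "not permitted to log on at this time"),
    0x531: ("ERROR_INVALID_WORKSTATION", "not permitted to log on from this workstation"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "user must change password"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account locked out"),
}

_BIND_ERROR = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - [0-9A-Fa-f]{8}: LdapErr: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), comment: AcceptSecurityContext error, "
    r"data (?P<data>[0-9A-Fa-f]+)"
)

def parse_ad_bind_errors(text):
    """Return one dict per distinct AD bind failure found in a log line."""
    seen, results = set(), []
    for m in _BIND_ERROR.finditer(text):
        code = int(m.group("data"), 16)      # the sub-code is hexadecimal
        key = (m.group("dsid"), code)
        if key in seen:                      # nested exceptions repeat the same failure
            continue
        seen.add(key)
        name, meaning = AD_BIND_SUBCODES.get(code, ("UNKNOWN", "sub-code not in table"))
        results.append({"ldap_code": int(m.group("ldap")), "dsid": m.group("dsid"),
                        "hex": format(code, "x"), "decimal": code,
                        "win32_name": name, "meaning": meaning})
    return results

# Sample input shortened from the log line in post #2 (the nested exception
# carries the same LDAP error twice).
_ERR = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, "
        "comment: AcceptSecurityContext error, data 531, vece ]")
SAMPLE_LOG = "Authentication request failed: " + _ERR + "; nested exception is " + _ERR

if __name__ == "__main__":
    for err in parse_ad_bind_errors(SAMPLE_LOG):
        print(f"data {err['hex']} = {err['decimal']} {err['win32_name']}: {err['meaning']}")
```
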
  10. #6
  11. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2002
    Posts
    410
    Rep Power
    20
    This was posted quite a long time ago, and I investigated it for quite a long time.

    Finally I found the solution.

    I found that the server gets an AD authentication failure if the server runs as Local Administrator, while authentication succeeds if the server runs as Domain Users.

    I don't know whether it is an Acegi Security issue or an Active Directory issue. The above solves it anyway.
    ------------------------------------------
    Perl Kids Kiss Perl
    Stanley
    ------------------------------------------
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2009
    Posts
    1
    Rep Power
    0

    Excel to Active Directory


    Hi all,
    Is there any possibility to connect Excel to AD through LDAP by using Java code? The point is to use Excel as a user interface to reach Active Directory (to write and to read).
    Many thanks
    /fridaylight
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2010
    Posts
    1
    Rep Power
    0
    stanley1610,

    I think I am facing the same problem you were. We are using Acegi Security, and when we use a ManagerDN to log into LDAP that is tied down to specific workstations (including the web server), the authentication fails. If we remove the workstation restriction, everything works fine.

    We are running on Apache Tomcat, and after reading your last post, I tried setting the Log In for the Apache service to a domain user rather than the Local machine. It is still not authenticating for me. Is that all that you did, or is there something that I am missing?

    Thanks!
