I am trying to configure Active Directory (AD LDS) for use with my application. I am using ForeignJNDIProvider in the WebLogic app server to configure the settings for AD. From my Java-based application, I do a lookup on InitialContext as shown below:
InitialContext iCtx = new InitialContext();
DirContext dir = (DirContext) iCtx.lookup(<JNDI name>);
The second code line above fails with the following error:
javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 533, v1db1 ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at weblogic.jndi.internal.ForeignOpaqueReference.getReferent(ForeignOpaqueReference.java:70)
at weblogic.jndi.internal.WLNamingManager.getObjectInstance(WLNamingManager.java:96)
at weblogic.jndi.internal.ServerNamingNode.resolveObject(ServerNamingNode.java:377)
at weblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:856)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:209)
at weblogic.jndi.internal.WLEventContextImpl.lookup(WLEventContextImpl.java:254)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:411)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
I tried looking up what error 533 in AD meant. The only answer I got was that it meant "Account Disabled". I am not sure this is the case. How can I fix this?
The value in the LDAP security authentication field is not valid, or an incorrect password was provided. Note: This error occurs for Microsoft Active Directory LDAP servers only. Check to make sure the LDAP security field has been properly set and make sure the correct password has been entered.
This can occur if the vCenter Server is restored to an earlier version from backups or an older snapshot. To resolve this issue, reset the password for the user account listed in the vmdird-syslog.log file.
Got it...solved the problem by changing the value for attribute msDS-UserAccountDisabled to false. AD accounts when created are disabled by default. Resource: http://technet.microsoft.com/en-us/library/cc725934
For me, the error was in the attribute "userAccountControl". I had to change it from 546 (ACCOUNTDISABLE | PASSWD_NOTREQD | NORMAL_ACCOUNT) to 512 (NORMAL_ACCOUNT). Also see: http://support.microsoft.com/kb/305144/de
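The two diagnoses above (the "data 533" sub-code in the bind error, and the userAccountControl value 546 versus 512) can be decoded in code. This is an added example, not code from any of the posts; the class and method names are hypothetical, and the tables are a subset of the sub-codes AD returns with error 49 and of the userAccountControl flags.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AdBindDiagnostics {  // hypothetical helper class
    // "data" sub-codes AD attaches to LDAP error 49 (hexadecimal Win32 codes).
    private static final Map<String, String> SUBCODES = new LinkedHashMap<>();
    // userAccountControl bit flags (subset).
    private static final Map<Integer, String> UAC = new LinkedHashMap<>();
    static {
        SUBCODES.put("525", "user not found");
        SUBCODES.put("52e", "invalid credentials");
        SUBCODES.put("530", "logon not permitted at this time");
        SUBCODES.put("531", "logon not permitted from this workstation");
        SUBCODES.put("532", "password expired");
        SUBCODES.put("533", "account disabled");
        SUBCODES.put("701", "account expired");
        SUBCODES.put("773", "user must reset password");
        SUBCODES.put("775", "account locked out");
        UAC.put(0x0002, "ACCOUNTDISABLE");
        UAC.put(0x0010, "LOCKOUT");
        UAC.put(0x0020, "PASSWD_NOTREQD");
        UAC.put(0x0200, "NORMAL_ACCOUNT");
        UAC.put(0x10000, "DONT_EXPIRE_PASSWORD");
        UAC.put(0x800000, "PASSWORD_EXPIRED");
    }
    private static final Pattern DATA =
        Pattern.compile("error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]+)");

    // Pass AuthenticationException.getMessage(). Log the result server-side only:
    // 525 vs 52e tells a caller whether the account exists.
    static String explainBindError(String message) {
        Matcher m = DATA.matcher(message);
        if (!m.find()) return "not an AD error-49 message";
        String code = m.group(1).toLowerCase();
        return "data " + code + ": " + SUBCODES.getOrDefault(code, "unknown sub-code");
    }

    static String decodeUac(int value) {
        StringJoiner out = new StringJoiner(" | ");
        int rest = value;
        for (Map.Entry<Integer, String> f : UAC.entrySet())
            if ((value & f.getKey()) != 0) { out.add(f.getValue()); rest &= ~f.getKey(); }
        if (rest != 0) out.add("0x" + Integer.toHexString(rest) + " (not decoded here)");
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.println(explainBindError("[LDAP: error code 49 - 8009030C: LdapErr: "
            + "DSID-0C0903A9, comment: AcceptSecurityContext error, data 533, v1db1 ]"));
        System.out.println("546 = " + decodeUac(546) + "; 512 = " + decodeUac(512));
    }
}
```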