
Error 533 in Active Directory LDAP

I am trying to configure Active Directory (AD LDS) for use with my application. I am using ForeignJNDIProvider in the WebLogic app server to configure the settings for AD. From my Java-based application, I do a lookup on InitialContext as shown below:

InitialContext iCtx = new InitialContext();
DirContext dir = (DirContext) iCtx.lookup(<JNDI name>);

The second code line above fails with the following error:

javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 533, v1db1 ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at weblogic.jndi.internal.ForeignOpaqueReference.getReferent(ForeignOpaqueReference.java:70)
at weblogic.jndi.internal.WLNamingManager.getObjectInstance(WLNamingManager.java:96)
at weblogic.jndi.internal.ServerNamingNode.resolveObject(ServerNamingNode.java:377)
at weblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:856)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:209)
at weblogic.jndi.internal.WLEventContextImpl.lookup(WLEventContextImpl.java:254)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:411)
at javax.naming.InitialContext.lookup(InitialContext.java:392)

I tried looking up what error 533 in AD meant. The only answer I got was that it meant "Account Disabled". I am not sure this is the case. How can I fix this?

srihari_ravi asked May 14 '12 15:05



2 Answers

Got it...solved the problem by changing the value for attribute msDS-UserAccountDisabled to false. AD accounts when created are disabled by default. Resource: http://technet.microsoft.com/en-us/library/cc725934

srihari_ravi answered Oct 31 '22 12:10


For me, the error was in the attribute "userAccountControl". I had to change it from 546 (ACCOUNTDISABLE | PASSWD_NOTREQD | NORMAL_ACCOUNT) to 512 (NORMAL_ACCOUNT). Also see: http://support.microsoft.com/kb/305144/de

dforce answered Oct 31 '22 11:10
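
The "data 533" sub-code in the question's exception and the userAccountControl value 546 from the second answer can both be decoded mechanically. The Java class below is an added example, not code from the original posts; the class and method names are hypothetical, and the two tables list only common sub-codes and flags.

```java
import java.util.*;
import java.util.regex.*;
public class AdBindErrorTriage {
    // AD sub-codes carried in the "data" field of LDAP error 49 (hex Win32 logon errors).
    static final Map<String, String> SUB_CODES = new LinkedHashMap<>();
    // userAccountControl bits, as documented in Microsoft KB305144.
    static final Map<Integer, String> UAC_FLAGS = new LinkedHashMap<>();
    static {
        SUB_CODES.put("525", "user not found");
        SUB_CODES.put("52e", "invalid credentials");
        SUB_CODES.put("530", "logon not permitted at this time");
        SUB_CODES.put("531", "logon not permitted from this workstation");
        SUB_CODES.put("532", "password expired");
        SUB_CODES.put("533", "account disabled");
        SUB_CODES.put("701", "account expired");
        SUB_CODES.put("773", "user must reset password");
        SUB_CODES.put("775", "account locked out");
        UAC_FLAGS.put(0x0002, "ACCOUNTDISABLE");
        UAC_FLAGS.put(0x0010, "LOCKOUT");
        UAC_FLAGS.put(0x0020, "PASSWD_NOTREQD");
        UAC_FLAGS.put(0x0200, "NORMAL_ACCOUNT");
    }
    static final Pattern DATA = Pattern.compile("error code 49\\b.*?\\bdata ([0-9a-fA-F]+)");
    /** Extracts and names the AD sub-code in an AuthenticationException message. */
    static String explain(String message) {
        Matcher m = DATA.matcher(message);
        if (!m.find()) return "not an AD error-49 message";
        String code = m.group(1).toLowerCase();
        return code + ": " + SUB_CODES.getOrDefault(code, "unknown sub-code");
    }

    /** Names the flags set in a userAccountControl value; unlisted bits are shown in hex. */
    static List<String> decodeUac(int uac) {
        List<String> names = new ArrayList<>();
        int rest = uac;
        for (Map.Entry<Integer, String> e : UAC_FLAGS.entrySet())
            if ((uac & e.getKey()) != 0) { names.add(e.getValue()); rest &= ~e.getKey(); }
        if (rest != 0) names.add("0x" + Integer.toHexString(rest));
        return names;
    }

    public static void main(String[] args) {
        // Message text copied from the exception in the question.
        String msg = "[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9, "
                   + "comment: AcceptSecurityContext error, data 533, v1db1 ]";
        System.out.println(explain(msg));
        // 546 with ACCOUNTDISABLE and PASSWD_NOTREQD cleared leaves NORMAL_ACCOUNT (512).
        System.out.println(decodeUac(546) + " -> " + decodeUac(546 & ~(0x0002 | 0x0020)));
    }
}
```

PASSWD_NOTREQD lets an account exist without a password, so when enabling an account that carries 546 it is worth clearing that bit together with ACCOUNTDISABLE, as the move to 512 does.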