LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

I know the "52e" code is when the username is valid, but the password is invalid. I am using the same user name and password in my Apache Studio, and I was able to establish the connection successfully to LDAP.

Here is my Java code:

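    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    String userName = "*******";
    String password = "********";
    String base = "DC=PSLTESTDOMAIN,DC=LOCAL";
    String dn = "cn=" + userName + "," + base;
    // Environment for a simple (name + password) bind
    Hashtable<String, String> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://******");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, dn);
    env.put(Context.SECURITY_CREDENTIALS, password);
    LDAPAuthenticationService ldap = new LDAPAuthenticationService();
    // LdapContext ctx;
    DirContext ctx = null;
    try {
        // The bind is attempted when the context is created
        ctx = new InitialDirContext(env);
    } catch (NamingException e) {
        e.printStackTrace();
    }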

My error is on this line: ctx = new InitialDirContext(env);

I do not know what exactly is causing this error.


Solution 1:

data 52e - Returns when username is valid but password/credential is invalid.

You probably need something like

    String dn = "cn=" + userName + "," + "CN=Users," + base;

Solution 2:

For me the issue resolved when I set the principal section like this:

    // userId and domainWithoutProtocolAndPortNo are String variables
    env.put(Context.SECURITY_PRINCIPAL, userId + "@" + domainWithoutProtocolAndPortNo);

Solution 3:

52e (1326, ERROR_LOGON_FAILURE): Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.

http://ldapwiki.com/wiki/Common%20Active%20Directory%20Bind%20Errors

Solution 4:

In my case I have to use something like <username>@<domain> to successfully log in.

    sample_user@sample_domain

Solution 5:

When you use Context.SECURITY_AUTHENTICATION as "simple", you need to supply the userPrincipalName attribute value (user@domain_base).