What permissions are needed to do an LDAP bind to an Active Directory Server

What permissions are needed to perform an LDAP bind to an Active Directory server? I have a central domain (call it MAIN) that has two-way trusts to domains in other forests (call them REMOTE and FARAWAY).

Using MAIN\myaccount as the username and my password I can bind to REMOTE fine, but not to FARAWAY; I get an invalid credentials response:

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893

In all other ways the trusts seem to work fine.

What permissions do I need to check to figure out why the bind is failing? My understanding is that anyone in AUTHENTICATED USERS should be able to bind to LDAP, but that only seems to hold true for some domains and not others.


Solution 1:

Error 49, subtype 525 is bad user DN, i.e. the bind DN is not a valid object in the directory.

Solution 2:

Error 525 is actually a DN not being found; you can take a look at this thread on the Oracle forums: http://forums.sun.com/thread.jspa?threadID=703398
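
Added example, not part of the original question or answers: a small parser for the diagnostic string Active Directory returns on a failed bind (LDAP result 49). The `data` field is a Win32 error code in hexadecimal, so the sketch converts it and maps it to the documented Win32 logon error, which separates "identity not found" (525) from "wrong password" (52e). The second sample line is constructed for illustration.

```python
import re

# Win32 logon errors that AD reports, in hex, in the "data" field of a failed bind.
WIN32_LOGON_ERRORS = {
    0x525: ("ERROR_NO_SUCH_USER", "bind identity not found in the target directory"),
    0x52E: ("ERROR_LOGON_FAILURE", "identity found, credentials rejected"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon not permitted at this time"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not permitted from this workstation"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "user must change password before logon"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account locked out"),
}

DIAG_RE = re.compile(
    r"(?P<status>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+),"
    r"\s*v(?P<version>[0-9A-Fa-f]+)"
)

def parse_bind_error(message):
    """Return the parsed fields of an AD bind diagnostic, or None if it does not match."""
    m = DIAG_RE.search(message.strip("\x00 \t\r\n"))
    if m is None:
        return None
    code = int(m.group("data"), 16)  # the field is hex: "525" is 0x525 = 1317
    name, meaning = WIN32_LOGON_ERRORS.get(code, ("UNKNOWN", "code not in this table"))
    return {
        "status": m.group("status"),
        "dsid": m.group("dsid"),
        "comment": m.group("comment"),
        "data_hex": m.group("data").lower(),
        "win32": code,
        "name": name,
        "meaning": meaning,
    }

SAMPLES = [
    # From the question on this page.
    "80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893",
    # Constructed: same message with the wrong-password sub-code.
    "80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893",
]

if __name__ == "__main__":
    for line in SAMPLES:
        r = parse_bind_error(line)
        print(f"data {r['data_hex']} -> {r['win32']} {r['name']}: {r['meaning']}")
```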