1 Reply. Latest reply: Mar 8, 2011 4:23 PM by EJP

    Trouble connecting to LDAP -- what does this error mean?

    649509
      Hi,

      When trying to connect to an LDAP server, using ldaps (port 636), I'm getting the below error.
      javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771]
           at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
           at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
           at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
           at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
           at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
           at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
           at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
           at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
           at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
           at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
           at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
           at javax.naming.InitialContext.init(InitialContext.java:223)
           at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
           at com.myco.squatter.activedirectory.ADQuery.main(ADQuery.java:116)
      Any ideas what it means? I'm also attaching the complete code I use to connect. The exception is thrown here

      LdapContext ctx = new InitialLdapContext(ldapEnv,null);

      The complete code is below. Thanks, - Dave
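          // Imports needed at the top of the source file:
          import java.util.Hashtable;
          import javax.naming.Context;
          import javax.naming.NamingEnumeration;
          import javax.naming.NamingException;
          import javax.naming.directory.SearchControls;
          import javax.naming.directory.SearchResult;
          import javax.naming.ldap.InitialLdapContext;
          import javax.naming.ldap.LdapContext;

          public static void main(String[] args) {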
              //
              // A hash table storing name/value pairs
              // (including credentials, URL, etc.) is used
              // to pass information to the JNDI service 
              // provider.  The pre-defined names (keys)
              // to use with JNDI are found in the
              // javax.naming.Context interface as you
              // will see in the later code.
              //
              Hashtable ldapEnv = new Hashtable();
              //
              //  Specify URL of the domain controller
              //  Domain should be full domain name 
              //  (mycompany.com, mydept.mycompany.com)
              //  LDAP's default port is 389
              //
              String host="subdomain2.subdomain1";
              String domain="mydomain.com";
              String port="636";
              String urlDC="ldaps://"+host+"."+domain+":"+port+"/";
              //
              // Build domain component list so that we can
              // submit queries in the form:
              // CN=object,DC=domain,DC=com
              //
              // The .replaceAll method required v1.4 of the JDK
              //
              // If your domain is mycompany.local, the dcList
              // string should contain DC=mycompany,DC=local
              //
              String dcList="";
              try {
                  dcList="DC="+domain.replaceAll("\\.",",DC=");
              } catch (Exception ex) {
                  System.err.println("Error in regular expression kit: " + ex.getMessage());
                  return;
              }
              //
              // User name can be in "domain\\user"
              // or UPN (user@domain) syntax
              //
              String userName="username@"+domain;
              String userPassword = "password";
              //
              // Section 1
              //
              // Establish a context using JNDI with the
              // LDAP service provider (remember, as with 
              // JDBC to use JNDI you need to specify a 
              // vendor supplied default.  The LDAP provider 
              // comes with the JDK.)
              //
              ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
              //
              // Set security credentials
              // Beware that simple authentication sends
              // the credentials "in the clear"; with the
              // ldaps:// URL above the bind travels inside TLS
              //
              ldapEnv.put(Context.SECURITY_AUTHENTICATION,"simple");
              ldapEnv.put(Context.SECURITY_PRINCIPAL,userName);
              ldapEnv.put(Context.SECURITY_CREDENTIALS,userPassword);
              ldapEnv.put(Context.PROVIDER_URL, urlDC);
      
              String searchBase; 
              String searchFilter;
              //
              // Section 2 - Construct Query base and filter
              //
              // Also specify the attributes of the AD object or container
              // to return.  Of course, the value of some attributes
              // are only useful for certain object types.
              //
              //
              //
              // Example to find people
              //
              searchBase= "cn=Users,"+dcList;
              searchFilter = "(&(&(&(mailNickname=*)(objectcategory=person)(objectclass=user)(msExchRecipientDisplayType=7))))";
              //searchFilter = "(&(objectClass=person)(anr=p*))";
              String objAttribs[]={"uid","sn","givenName","cn","mail","shortServerName"};
              //
              // Example to find printers
              // By default these are stored in the Domain Controllers
              // Organizational Unit (OU)
              //
              // Note: the description attribute maps to the comment textbox
              //       within the printer definition
              //
              //searchBase= "ou=Domain Controllers,"+dcList;
              //searchFilter = "(&(&(UNCname=*Server01*)(objectCategory=printQueue)(printColor=TRUE)))";
              //String objAttribs[]={"UNCname","location","description","cn","portName"};
      
              try {
                  // 
                  // Section 3
                  // Create an LDAP directory context
                  //
                  LdapContext ctx = new InitialLdapContext(ldapEnv,null);
                  //
                  // Search controls are used to assign the scope 
                  // of the search and the attributes to be returned
                  //            
                  SearchControls srchInfo = new SearchControls();
                  //
                  // We want to browse all of the sub-branches
                  // of our directory tree
                  //
                  srchInfo.setSearchScope(SearchControls.SUBTREE_SCOPE);
                  //
                  // Identify the attributes of the objects that
                  // we want to return
                  //
                  srchInfo.setReturningAttributes(objAttribs);
      
                  int nodirObjects = 0;
                  //
                  // Section 4
                  //
                  // Submit the query to the LDAP directory service 
                  // and return the results in a NamingEnumeration object
                  //
                  NamingEnumeration dirObjects = ctx.search(searchBase, searchFilter, srchInfo);
                  //
                  // Loop through dirObjects returned by the LDAP query
                  //
                  while (dirObjects != null && dirObjects.hasMoreElements()) {
                      SearchResult dirObject = (SearchResult)dirObjects.next();
                      //
                      // Display name and requested attributes to the console
                      //
                      System.out.println(dirObject.getName());
                      for (int i=0; i<objAttribs.length; i++) {
                          // Look up each requested attribute by its name
                          System.out.println(dirObject.getAttributes().get(objAttribs[i]));
                      }
                      // Increment the counter
                      nodirObjects++;
                  }
                  ctx.close();
                  System.out.println("Number of entries identified: " + nodirObjects);
              }
              catch (NamingException ex) {
                  ex.printStackTrace(System.err);
                  System.err.println("Error during query: " + ex.getMessage());
              }
          } // End main
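
Added example, not part of the original post: a small decoder for the `data` sub-code that Active Directory appends to LDAP result 49, run on the message from the stack trace above. The class name `AdBindError` and the wording of the descriptions are assumptions; the sub-codes are the documented Win32 error numbers in hex (0x525 = ERROR_NO_SUCH_USER, 0x52e = ERROR_LOGON_FAILURE, and so on).

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AdBindError {
    // "data" sub-codes AD returns with LDAP result 49 (invalidCredentials).
    // Each one is a Win32 error number written in hexadecimal.
    private static final Map<String, String> SUB_CODES = Map.of(
        "525", "user not found",
        "52e", "invalid credentials (wrong password)",
        "530", "logon not permitted at this time",
        "531", "logon not permitted from this workstation",
        "532", "password expired",
        "533", "account disabled",
        "701", "account expired",
        "773", "user must reset password",
        "775", "account locked out");

    // Captures the LDAP result code and the hex value after "data".
    private static final Pattern AD_ERROR = Pattern.compile(
        "LDAP: error code (\\d+) - .*?\\bdata ([0-9a-fA-F]+)\\b");

    // The only text a caller should see: identical for every bind failure, so
    // the 525 / 52e difference cannot be used to test which accounts exist.
    static final String USER_MESSAGE = "Login failed";

    /** Detail for the server-side log; null if the message is not in AD's format. */
    static String describe(String exceptionMessage) {
        if (exceptionMessage == null) return null;
        Matcher m = AD_ERROR.matcher(exceptionMessage);
        if (!m.find()) return null;
        String sub = m.group(2).toLowerCase();
        return "LDAP result " + m.group(1) + ", AD data " + sub + ": "
            + SUB_CODES.getOrDefault(sub, "unrecognised sub-code");
    }

    public static void main(String[] args) {
        // Message copied from the stack trace in the post above.
        String msg = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, "
            + "comment: AcceptSecurityContext error, data 525, v1771]";
        System.err.println(describe(msg));   // diagnostic detail, log only
        System.out.println(USER_MESSAGE);    // uniform reply to the client
    }
}
```

In an application, `describe(ex.getMessage())` would be called in the `catch` for `javax.naming.AuthenticationException`, with the detailed line going only to the log.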