Hi,
I have a web application that we've successfully deployed at 5 different
sites, but we encountered a problem with it on a 6th site.
This web app uses the LDAPJDK to connect to Active Directory, and, at this
one site, it's throwing an exception when it tries to do an
authenticate() using a username that is in the "user principal name"
format (i.e., "[EMAIL PROTECTED]"):
netscape.ldap.LDAPException: error result (49); 80090308: LdapErr:
DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
What I've found is that if I use a username that is in the "DN" format,
i.e., "cn=myuser,cn=users,dc=whatever,dc=com", the authenticate() is
successful.
[According to responses to my posting on one of the MS AD newsgroups, AD
accepts usernames in at least the following 3 formats:
- DN
- user principal name
- NT format (domain\username)]
This problem is only occurring at this one site (i.e., we can use the
user principal name formatted username to authenticate successfully at
the other 5 sites), and the various components at all 6 sites are
configured similarly.
I know that the "49" error is "INVALID_CREDENTIALS", but I have debug
code in the webapp, which logs the username and password parameters that
are being used in the authenticate() method call, and they look correct,
in both cases.
I've also used ldapsearch (on the Solaris machine where the webapp is
hosted), and that works ok when I use either the user principal name
formatted or the DN formatted username, so I'm puzzling over why the
user principal name formatted username would not work at just this one
site...
Per the Subject, I am guessing this may be somewhat off-topic, but I'm
kind of running out of ideas :(, so I'm wondering if anyone has
encountered a situation/problem like this before? Any other suggestions
for trying to figure out why this is happening would also be appreciated!
Thanks in advance,
Jim
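
The `data 525` field in the exception quoted above is a hexadecimal Win32 error code, and 0x525 is ERROR_NO_SUCH_USER, which means the directory did not resolve the supplied name (0x52e would be the wrong-password case). The Python below is an added example, not part of the original post: it pulls that sub-code out of AD bind-failure messages and groups them for triage. The sub-code table, the function names and every sample message except the first are assumptions of this example.

```python
import re
from collections import Counter

# Hex Win32 error codes that AD puts in the "data" field of a failed bind.
# This table is an assumption of the example; it is not taken from the post.
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "identity-not-found"),
    0x52E: ("ERROR_LOGON_FAILURE", "bad-credential"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon-restriction"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon-restriction"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "account-state"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account-state"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account-state"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "account-state"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account-state"),
}

# Matches across the line wrap that mail clients and loggers introduce.
_DIAG = re.compile(r"error result \((\d+)\).*?AcceptSecurityContext error,"
                   r"\s*data\s+([0-9a-fA-F]+)", re.DOTALL)

def classify_bind_failure(message):
    """Return details of an AD bind failure, or None if no diagnostic found."""
    m = _DIAG.search(message)
    if m is None:
        return None
    code = int(m.group(2), 16)          # "525" is hex: 0x525 == 1317
    name, category = AD_BIND_SUBCODES.get(code, ("UNKNOWN", "unknown"))
    return {"ldap_result": int(m.group(1)), "win32_error": code,
            "name": name, "category": category}

def summarize(messages):
    """Count failures per category, skipping text without a diagnostic."""
    hits = (classify_bind_failure(m) for m in messages)
    return Counter(h["category"] for h in hits if h)

# First message is the one quoted in the post; the rest are constructed.
SAMPLES = [
    "netscape.ldap.LDAPException: error result (49); 80090308: LdapErr:\n"
    "DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893",
    "netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: "
    "DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893",
    "netscape.ldap.LDAPException: error result (91)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify_bind_failure(s))
    print(dict(summarize(SAMPLES)))
```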