2
LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580

I know the "52e" code means the username is valid but the password is invalid. I am using the same user name and password for validating the user against Active Directory and it's working fine.

Here is my Java code:

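    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;

    public class LdapConnect {
        static LdapContext connect() {
            LdapContext ctx = null;
            String userName = "user_test";
            String password = "*******";
            String base = "DC=test,DC=local";
            // Bind principal is built as a full DN under CN=Users
            String dn = "cn=" + userName + "," + "CN=Users," + base;

            try {
                Hashtable<String, String> env = new Hashtable<>();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                // Simple bind: principal and password are sent to the server as given
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.SECURITY_PRINCIPAL, dn);
                env.put(Context.SECURITY_CREDENTIALS, password);
                env.put(Context.PROVIDER_URL, "ldap://*****.test.local:389");

                System.out.println("Attempting to Connect...");

                ctx = new InitialLdapContext(env, null);
                System.out.println("Connection Successful.");
            } catch (NamingException nex) {
                System.out.println("LDAP Connection: FAILED");
                nex.printStackTrace();
            }
            return ctx;
        }
    }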

I do not know exactly why I am getting this error. Can anyone please help with this?

Krishna
  • Does this answer your question? [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1](https://stackoverflow.com/questions/31411665/ldap-error-code-49-80090308-ldaperr-dsid-0c0903a9-comment-acceptsecurityc) – TylerH Sep 14 '20 at 18:09

2 Answers

1

In case you use simple authority authentication, you should use the short username form:

    user_test@test.local

I checked; in this case authentication is working. In DN form I got exactly the same error:

    javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

You may also refer to the earlier thread LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

Alister
  • Now I am getting `javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=test,DC=local'` after using the dn as `user_test@test.local`. Please help me. Thanks @Alister – Krishna May 28 '19 at 07:50
  • Look, you should put username into hashtable without dn part: **env.put(Context.SECURITY_PRINCIPAL, "user_test@test.local");** – Alister May 28 '19 at 09:43
  • Yes, I'm putting the same and not using the dn now. I'm even getting the same error. Please help me. Thanks @Alister – Krishna May 28 '19 at 09:55
  • Well, replace the original code in your question with the current code. I do not see how you can receive an error with the text "javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=test,DC=local' after using the dn as user_test@test.local" if you are not using a DN anywhere in your code. – Alister May 28 '19 at 10:05
  • `NamingEnumeration answer = ctx.search("DC=test,DC=local", "sAMAccountName=user_test@test.local", constraints);` - getting the error here. Please check. Thanks @Alister – Krishna May 28 '19 at 10:37
  • In my case, when I reproduced the ctx.search I got no exception; I suppose you have a complex AD tree structure. In any case, first of all, sAMAccountName should be without the domain part: **NamingEnumeration answer = ctx.search("DC=test,DC=local", "sAMAccountName=user_test", constraints);** Besides, you should provide the correct constraint, taking into account the complexity of your AD tree; maybe it should be of subtree scope: `SearchControls searchControls = new SearchControls(); searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);` – Alister May 28 '19 at 11:23
  • Now getting null. Why, even though I am using the same user to log in? And what is the difference between objectclass=user and sAMAccountName? Please help me. Thanks @Alister – Krishna May 28 '19 at 11:54
  • Maybe you should change the base container to OU=Users,DC=test,DC=local. – Alister May 28 '19 at 12:08
  • No luck - getting only the user not found exception, even using the same as you mentioned. Thanks @Alister – Krishna May 28 '19 at 12:29
  • Now getting `SizeLimitExceededException` - what is the max number of records returned by the server at once? Thanks @Alister – Krishna May 28 '19 at 12:54
  • anyone noticed *v1db1* vs *v2580* ? – törzsmókus Sep 03 '21 at 08:58
1

The error is pretty definitive.

49 52e 1326 ERROR_LOGON_FAILURE Returns when username is valid but password/credential is invalid.

Often the Hard Part is properly determining the DN.

Kkkev
jwilleke
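The error string discussed in this thread, parsed field by field, as an added example that is not part of the original posts. The class name `AdBindError` is hypothetical, the sub-codes other than 52e are the widely documented Active Directory values rather than values from this page, and reading the trailing `v` field as the server build number in hex is an assumption.

```java
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AdBindError {
    // Widely documented AD sub-codes for LDAP result 49; only 52e appears on this page.
    static final Map<String, String> SUB_CODES = Map.of(
        "525", "user not found",
        "52e", "invalid credentials (ERROR_LOGON_FAILURE)",
        "530", "logon not permitted at this time",
        "531", "logon not permitted from this workstation",
        "532", "password expired",
        "533", "account disabled",
        "701", "account expired",
        "773", "user must reset password",
        "775", "account locked out");
    // Captures: LDAP result code, DSID, "data" sub-code, trailing v field.
    static final Pattern FORMAT = Pattern.compile(
        "error code (\\d{1,4}) - [0-9A-Fa-f]+: LdapErr: (DSID-[0-9A-Fa-f]+), "
        + "comment: .*?, data ([0-9A-Fa-f]+), v([0-9A-Fa-f]{1,7})");

    final int resultCode; final String dsid; final String subCode; final int build;

    private AdBindError(Matcher m) {
        resultCode = Integer.parseInt(m.group(1));
        dsid = m.group(2);
        subCode = m.group(3).toLowerCase(Locale.ROOT);
        // Assumption: the v field is the domain controller build number in hex.
        build = Integer.parseInt(m.group(4), 16);
    }

    /** Returns null when the text is not in the AD extended-error format. */
    static AdBindError parse(String message) {
        Matcher m = FORMAT.matcher(message == null ? "" : message);
        return m.find() ? new AdBindError(m) : null;
    }

    String meaning() { return SUB_CODES.getOrDefault(subCode, "unrecognised sub-code"); }

    public static void main(String[] args) {
        String[] samples = { // first two are quoted on this page, third is constructed
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1",
            "[LDAP: error code 4 - Sizelimit Exceeded]" };
        for (String s : samples) {
            AdBindError e = parse(s);
            System.out.println(e == null ? "not an AD extended error" : e.resultCode + " / "
                + e.subCode + " (" + e.meaning() + "), " + e.dsid + ", build " + e.build);
        }
    }
}
```

Passing `nex.getMessage()` from the `catch` block in the question to `parse` gives the same fields for a live failure.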