ldap error 49


Pete D Lawlor

Jul 11, 2013, 5:19:13 AM
to pwm-g...@googlegroups.com
I am stuck, and not experienced with LDAP etc.,

but I have got this error:
PWM Health
LDAP | WARN | error connecting to ldap directory: unable to create connection: unable to bind to ldap://[server]:389 as cn=[user],cn=[ou],dc=[d],dc=[d],dc=[d],dc=ac,dc=uk reason: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
And I am not sure what it means.
Not sure what other information I need to give you, please help.
Thanks

Menno Pieters

Jul 11, 2013, 5:30:49 AM
to pwm-g...@googlegroups.com
AD right? AD doesn't like you to connect using a plain LDAP connection. Try the SSL port 636 and make sure to use the full hostname, corresponding to the certificate name, and import the certificate. In recent builds you can import through the configuration wizard, in 1.6.4 use the Java keytool to import in the cacerts file (%JAVA_HOME%\lib\security\cacerts).

-Menno



Jim Willeke

Jul 11, 2013, 6:24:40 AM
to pwm-general
For AD, data 52e implies:
"Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted."


--
-jim
Jim Willeke
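
Added example, not part of the original thread or of PWM's code: a small parser that splits the bind failure quoted in the first post into its fields and decodes the "data" sub-code discussed above. Only 52e comes from the thread; the other table entries are the commonly documented Active Directory sub-codes, and the function and field names are hypothetical.

```python
import re

# Active Directory puts a Win32 error code, in hex, after "data" in the
# LDAP error 49 diagnostic. Only 52e appears in the thread; the other
# entries are the commonly seen bind sub-codes, added for contrast.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_ERROR = re.compile(
    r"unable to bind to (?P<url>ldaps?://\S+) as (?P<dn>.+?) reason: "
    r"\[LDAP: error code (?P<ldap_code>\d+) - (?P<status>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+), (?P<version>\w+)\]"
)

def parse_bind_error(line):
    """Return the fields of an AD bind failure, or None if the line is not one."""
    m = BIND_ERROR.search(line)
    if m is None:
        return None
    info = m.groupdict()
    info["ldap_code"] = int(info["ldap_code"])
    info["data"] = info["data"].lower()
    info["win32_error"] = int(info["data"], 16)  # 0x52e == 1326
    info["meaning"] = AD_BIND_SUBCODES.get(info["data"], "unknown sub-code")
    # ldap:// without StartTLS carries a simple bind password unencrypted.
    info["plain_ldap"] = info["url"].lower().startswith("ldap://")
    return info

# The health message from the thread, placeholders kept as posted.
SAMPLE = (
    "error connecting to ldap directory: unable to create connection: "
    "unable to bind to ldap://[server]:389 as "
    "cn=[user],cn=[ou],dc=[d],dc=[d],dc=[d],dc=ac,dc=uk reason: "
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
    "AcceptSecurityContext error, data 52e, v1db1]"
)

if __name__ == "__main__":
    r = parse_bind_error(SAMPLE)
    print(r["dn"], r["data"], r["meaning"], "plain" if r["plain_ldap"] else "TLS")
```

Run over application logs, the same function separates wrong-password failures (52e) from lockouts or expired passwords, which call for different fixes.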


Jim Willeke

Jul 13, 2013, 4:28:02 AM
to pwm-general
cn=[user],cn=[ou],dc=[d],dc=[d],dc=[d],dc=ac,dc=uk 
is invalid.

From the server you can determine the DN:

Or get a good LDAP browser (Apache Studio is our favorite) and figure out what your DN is.

--
-jim
Jim Willeke


On Thu, Jul 11, 2013 at 5:38 AM, Pete D Lawlor <p.d.l...@sheffield.ac.uk> wrote:
Yeah, Active Directory, Windows Server 2008 R2. OK, tried 636, now says socket closed.
I had both 389 and 636 in the list, thought it might check both.
Next question, how do I open the socket, is this the firewall issue?
And what TCP/UDP ports need to be open, and only to this server with PWM on.

Thanks