BIND Failed [LDAP: error code 49 - Invalid Credentials]

New to OID and OIM,
I am trying to add an Oracle Internet Directory Server using Oracle Directory Manager. This company has OIM implimented and I have been given the administrator username and password for the OIM system to connect with, it is not the orcladmin user.
Do I need to have the orcladmin username and password on the OIM instance to add this OID Server to my list of available directory servers?
Any help appreciated.
Larry

This can be canceled. Apparently I was misunderstood in my request to the other department and was given a DB login, not access to the LDAP server, which explains why it could not bind.

Similar Messages

LDAP error "ldap_bind: Invalid credentials (49)"

Dear Server professionals
I run in an error "ldap_bind: Invalid credentials (49)" eatch time I try to import a ldif file. Below I wrote my slapd.conf file and my command I use.
slapd.conf file:
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/fmserver.schema
include /etc/openldap/schema/apple.schema
include /etc/openldap/schema/netinfo.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
replica-pidfile /var/run/slurpd.pid
replica-argsfile /var/run/slurpd.args
replicationinterval 3
loglevel 32768
sizelimit 11000
gentlehup off
schemacheck on
allows bind_v2
schemacheck on
checkpoint 32 30 # <kbyte> <min>
database bdb
directory /private/var/db/openldap/openldap-data
suffix "o=machilfe,c=ch"
#rootdn "cn=ldapadmin,o=machilfe,c=ch"
#rootpw {SSHA}c1lrRr4xWi444e59Vez96XkohS7fTiwU
# Indices to maintain
index default pres,eq
index objectClass eq
index cn,sn,uid
# Sample security restrictions
# Disallow clear text exchange of passwords
# disallow bindsimpleunprotected
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
#access to dn.base="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
# if no access controls are present, the default policy is:
# Allow read by all
# rootdn can always write!
# Some settings are maintained in slapd_macosxserver.conf,
# which is updated by Server Admin. Put your own changes in
# this file.
include /etc/openldap/slapd_macosxserver.conf
include /etc/openldap/schema/abxldap.schema
Command:
sh-3.2# ldapadd -c -D "cn=diradmin,o=machilfe,c=ch" -W -x -f /Users/ladmin/Desktop/AddressBook\ X\ LDAP\ Installation/Examples/InitialImport.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
Can anyone help me to solve this problem or where to look for this to solve?
Kind regards
Thomas Thaler

Make sure your dn value is correct. i.e cn=diradmin,o=machilfe,c=ch

[LDAP: error code 49 - Invalid Credentials]

New to OID. Using Jdev 10.1.3 and then have following code. user is apenlast and password is penlast2.
I want to get all the attributes for this user from OID. But I keep getting this error.
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
Actually from SSO login screen, if I try login using apenlast/penlast2 I can successfully login to OID. Then why this error from code ??
InitialDirContext ctx1 = ConnectionUtil.getDefaultDirCtx
( "ormi://br-dev3.fjcs.net:399",
"389",
"cn=apenlast",
"penlast2" );
System.out.println("TTTTTTTTTTTTTTTTTTTTT "+ctx1.getAttributes("uid"));

probably you're not using using the fully qualified DN.
the users are stored by default under cn=users,dc=yourDOMAIN
so u should try cn=apenlast,cn=users,dc=yourDOMAIN.
regards,
--Olaf

"[LDAP: error code 34 - Invalid DN]" Why?

Hi all, I have the following problem, when I try to test my Plumtree connection to LDAP Sun One Server I get the following error message:
Attempt to connect to LDAP Server failed. Double check your installation and logon credentials.
Could not create InitialDirContext: [LDAP: error code 34 - Invalid DN] [LDAP: error code 34 - Invalid DN]
I have entered LDAP URL: georgi.masq
LDAP port: 49129
ldap user: admin
ldap pass: XXXXXXX
With this parameters I can login into SunOne ADmin Console, unfortunately something's wrong and I don't know what, if anyone has any ideas please tell me .

Hi all, I have the following problem, when I try to
test my Plumtree connection to LDAP Sun One Server I
get the following error message:
Attempt to connect to LDAP Server failed. Double
check your installation and logon credentials.
Could not create InitialDirContext: [LDAP: error code
34 - Invalid DN] [LDAP: error code 34 - Invalid DN]
I have entered LDAP URL: georgi.masq
LDAP port: 49129
ldap user: admin
ldap pass: XXXXXXX
With this parameters I can login into SunOne ADmin
Console, unfortunately something's wrong and I don't
know what, if anyone has any ideas please tell me .
Hi all, I have the following problem, when I try to
test my Plumtree connection to LDAP Sun One Server I
get the following error message:
Attempt to connect to LDAP Server failed. Double
check your installation and logon credentials.
Could not create InitialDirContext: [LDAP: error code
34 - Invalid DN] [LDAP: error code 34 - Invalid DN]
I have entered LDAP URL: georgi.masq
LDAP port: 49129
ldap user: admin
ldap pass: XXXXXXX
With this parameters I can login into SunOne ADmin
Console, unfortunately something's wrong and I don't
know what, if anyone has any ideas please tell me .Hello actually I have the same error, maybe someone have the solution.
Or what did you do for resolve this error?
Thanks for your collaboration!!

Invalid ID store configuration LDAP : Error code 32- No Such object

Followed note : Integrating Oracle E-Business Suite Release 12.1.3 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate [ID 1484024.1
Completed all these steps:
Integrate Oracle Internet Directory with Oracle E-Business Suite
Configure Oracle Internet Directory to return operational attributes
Install Oracle Access Manager
Install and Configure WebGate on the WebTier
Register the WebGate Agent with Oracle Access Manager
Test your WebGate.
we stuck at the stage of Configure Identity Store .
section 4.3.2.1: Create User Identity Store
In the OAM Console, navigate to System Configuration > Common Configuration > Data Sources > User Identity Stores.
Highlight the User Identity Stores node, and click the "*" (Create) icon.
In the window that opens, enter the attributes for your new identity store, for example:
•Store Name = EBSIdStore
•Store Type = OID: Oracle Internet Directory
•Location = oraoidprd1.guc.loc:3060
•Bind DN = cn=orcladmin
•Password =
•User Name Attribute = uid
•User Search Base = cn=users,dc=us,dc=oraoidprd1,dc=com,dc=guc,dc=loc
•Group Search Base = cn=groups,dc=us,dc=oraoidprd1,dc=com,dc=guc,dc=loc
when we click test conenction it fails with
Invalid ID store configuration. User search base specified is invalid
LDAP : Error code 32- No Such object
Any help is greatly appreciated.
Thanks!

Yes.. i am passign the correct values..
Here are the registration steps we did.. as a pre-requisite:
1. Register instance:
[apdevebs@oraebsdev1 bin]$ $FND_TOP/bin/txkrun.pl -script=SetSSOReg -registerinstance=yes
You are registering ORACLE HOME only.
Enter the host name where Oracle iAS Infrastructure database is installed ? oraoidprd1
Enter the LDAP Port on Oracle Internet Directory server ? 3060
Enter SSL LDAP Port on Oracle Internet Directory server ? 3131
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ?
Enter Oracle E-Business apps database user password ?
2. Register OID:
Register OID
2. [apdevebs@oraebsdev1 bin]$ $FND_TOP/bin/txkrun.pl -script=SetSSOReg -registeroid=yes
You are registering this instance with OID Server.
Enter LDAP Host name ? oraoidprd1
Enter the LDAP Port on Oracle Internet Directory server ? 3060
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ?
Enter the instance password that you would like to register this application instance with ? test123
Enter Oracle E-Business apps database user password ?
3.. Configure Oracle Internet Directory to return operational attributes
cd /mnt/oidprd_app/app/middleware/Oracle_IDM1/bin
[apprdoid@oraoidprd1 bin]$ cat change_attrs.ldif
dn: cn=dsaconfig, cn=configsets,cn=oracle internet directory
changetype: modify
add: orclallattrstodn
orclallattrstodn:cn=orcladmin
[apprdoid@oraoidprd1 bin]$ export ORACLE_HOME=/mnt/oidprd_app/app/middleware/Oracle_IDM1
[apprdoid@oraoidprd1 bin]$ export PATH=$ORACLE_HOME/bin:$PATH
[apprdoid@oraoidprd1 bin]$ echo $ORACLE_HOME
/mnt/oidprd_app/app/middleware/Oracle_IDM1
[apprdoid@oraoidprd1 bin]$ $ORACLE_HOME/bin/ldapmodify -h oraoidprd1.guc.loc -p 3060 -D cn=orcladmin -w orcladminguprd0id -v -f change_attrs.ldif
add orclallattrstodn:
cn=orcladmin
modifying entry cn=dsaconfig, cn=configsets,cn=oracle internet directory
modify complete
All these pre-req steps compelted successfully.

Javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Cre...

Sir/Madam,
i am working on Windows Platform and I am getting this error when i want ot configure the LDAP.
Please suggest
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
     at javax.naming.InitialContext.init(InitialContext.java:223)
     at javax.naming.InitialContext.<init>(InitialContext.java:197)
     at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
     at TestClient.main(TestClient.java:33)
Thanks in advance.
Regards
Neelamadhab

javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]LDAP is rejecting your credentials (username / password). Make sure your credentials are coorectly given, otherwise get help from LDAP admin.
regards,
Sekar

LDAP: error code 1 - Invalid query reference]; remaining name '

I have the following function for a paged search operation.
Data retrieved by this function is used somewhere else to modify the Ldap Directory context.
Despite my setting for ctx and search control as "no timeout", i've been keeping thrown the exception for operations lasting more than 5 minutes(consistently) and for some short operations(sporadically):
Paged Search failed : javax.naming.NamingException: [LDAP: error code 1 - Invalid query reference]; remaining name '<directory>'
I am using DirX as LDAP directory.
Is this a time-out related exception which can be fixed in the code?
How can it be fixed?
There's no clue all over the web about this.
Thanks.
      * Returns the next page of the search results.
      * The returned result from this method can not exceed page size
      * set in the constructor.
      * @return
     public NamingEnumeration nextPage(){
          //1.step Set PagedResultsControl
          NamingEnumeration results = null;
          Control[] controls=null;
          try {
               if( isSearchStarted==false ){
                    isSearchStarted=true;
                    if(sortingAttributes==null)
                         controls=new Control[]{ new PagedResultsControl(pageSize) };
                    else
                         controls=new Control[]{new SortControl(sortingAttributes, Control.NONCRITICAL), new PagedResultsControl(pageSize) };
               }else {// examine the response controls
                    cookie = parseControls(ctx.getResponseControls());
                    if( cookie!=null && cookie.length!=0 ){
                         // pass the cookie back to the server for the next page
                         if(sortingAttributes==null)
                              controls=new Control[] { new PagedResultsControl(pageSize, cookie, Control.CRITICAL) };
                         else
                              controls=new Control[] {new SortControl(sortingAttributes, Control.NONCRITICAL), new PagedResultsControl(pageSize, cookie, Control.CRITICAL) };
                    }else{
                         //search is finished
                         return null;
               ctx.setRequestControls(controls);
               //ctx.getEnvironment().values();
               //ctx.getEnvironment().put("com.sun.jndi.ldap.connect.timeout", "5000", 300000);
               ctx.addToEnvironment("com.sun.jndi.ldap.connect.timeout", "0");
               //ctx.getEnvironment().values();
          } catch (NamingException e) {
               Tracer.getInstance().error("Paged Search failed while setting response controls: " + e);
               return null;
          } catch (Exception e) {
               Tracer.getInstance().error("Paged Search failed while setting response controls: " + e);
               return null;
          //2.step: DO SEARCH
          for(int i=0;i<10;i++){
               boolean reconnect=false;
               try{
                    results = ctx.search(searchBase, searchFilter, searchCtls);
                    Thread.sleep(300000);
                    //ctx.get
                    //Thread.sleep(300000);
                    break;
               } catch (NamingException e) {
                    Tracer.getInstance().error("Paged Search failed : " + e);
                    reconnect=true;
               } catch (Exception e) {
                    reconnect=true;
                    Tracer.getInstance().error("Paged Search failed : " + e);
               if(reconnect){
                    try {
                         this.ctx = LDAPServer.getInstance().getDirContext();
                         ctx=ctx.newInstance(controls);
                         //ctx.getEnvironment().values();
                    } catch (NamingException e1) {
                         Tracer.getInstance().error("Could not reconnect the ldapcontext");
          return results;
     }

It turned out to be a DirX "root DSE" entry "PAGP" that is disposing my paged results if a timeout occurs(300 seconds by default).
So i have to modify this entry during runtime, which is unfortunately only can be accesed by dirxadm.exe.
Is it possible to modify this attribute by a ldap context method?

Install OCS 10.1.2 Infra DB failed with LDAP: error code 16 on Workspaces

during install OCS Infrastructure DB OCS have error:
... processed key-value: logfile=/oracle/product/dbocs/workspaces/logs/cw_config_backend.log
... processed key-value: action=setup_backend
... processed key-value: oh=/oracle/product/dbocs
... processed key-value: oid=oid.domain
... processed key-value: oid_port=389
... processed key-value: oid_user_dn=cn=orcladmin
... processed key-value: oid_passwd=xxxxxx
... processed key-value: db_sn=ocs.domain
... processed key-value: dba_user=sys
... processed key-value: dba_passwd=xxxxxx
... processed key-value: cw_db_passwd=xxxxxx
Attempting to set logfile to: /oracle/product/dbocs/workspaces/logs/cw_config_backend.log
Processed oh=/oracle/product/dbocs
BACKEND installation ...
... Trying to lookup database dn
... Obtain OID connection
...... Can not obtain OID ssl port.
...... OID port = "389"
...... Trying to establish a non-ssl connection. OID host "oid.domain", OID port "389", OID user dn "cn=orcladmin".
... OID connection created.
...... You must specify either db_dn or db_sn.
...... ldap search filter "(&(objectclass=orcldbserver)(orcldbglobalname=ocs.domain))"
...... Succesfully located database dn "cn=ocs,cn=OracleContext".
...... Database dn = "cn=ocs,cn=OracleContext"
... Validating existence and version of CW schema: "CWSYS" in database: "cn=ocs,cn=OracleContext".
... Obtain JDBC connect string
... JDBC connect string = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
...derived: "jdbc_str=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))".
Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
Unlocking schema and setting passwd: "CWSYS/xxxxxx".
Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
... Checking Workspaces container.
... Container "cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext" already exist.
... Finish checking Workspaces container.
... Trying to create backend application entity in OID
...... Database dn = "cn=ocs,cn=OracleContext"
...... Backend entity name = "ocs"
...... Backend entity dn = "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext"
... Backend entries already exist. Cleanup old entries.
deregisterProvisioningListener ...
app dn = orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext
subscriber = dc=domain,dc=com
... Trying to remove entity "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext".
... Deleting "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext"
Adding Workspaces application entity to: cn=Service Registry Viewers,cn=Groups,cn=OracleContext
Adding Workspaces application entity to: cn=Service Registry Admins,cn=Groups,cn=OracleContext
... Insufficient privilege to create application entity "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext". Please check the user DN and password.
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
oracle.workspaces.install.CwCAException: Error while executing action: "setup_backend"
Caused by: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]
at oracle.workspaces.install.CwConfig.run(CwConfig.java:639)
at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
Caused by: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
... 1 more
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
What should i do?
help.
Thanks

closed
Re: Install OCS 10.1.2 Infra DB failed with LDAP: error code 16 on Workspac

LDAP: error code 21 - Invalid Attribute Syntax

I have written a java program to create an LDAP user. Sometime it works fine but sometimes it gives error. Detailed error is given below:
createLDAPAgencyUser() : Inside Exception - javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - Invalid Attribute Syntax]; remaining name 'uid=VINMUMBAI,ou=fci,o=cw,c=in'
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - Invalid Attribute Syntax]; remaining name 'uid=VINMUMBAI,ou=fci,o=cw,c=in'
     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3001)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
     at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:777)
     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
     at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:176)
     at LDAPAgencyCreation4C.createLDAPAgencyUser(LDAPAgencyCreation4C.java:123)
Stop main method.
     at LDAPAgencyCreation4C.main(LDAPAgencyCreation4C.java:45)
Does anyone have idea to resove it, please let me know.
Thanks in advance,
Vinod Shivhare

I got the solution. One attribute which I was sending it's name was incorrect. Attribute names are very case sensitive.
-Vinod.

LDAP: error code 48 - Server is Configured to Deny Anonymous Binds

Is it possible to authenticate user from java code when Anonymous binds in Oracle Internet Directory is disabled? I have been trying to make direct LDAP calls for authentication but it gives me error as below:
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - Server is Configured to Deny Anonymous Binds];
Appreciate help from fellow members.
Thanks,
Shivam

You create a user entry in OID specifically to be used by your java application. Some folks refer to this type of user entry as a proxy or service or utility account. You may not want this service account to be located in your cn=users,dc=acme,dc=com container with the reset of your normal user entries. You may want to create a cn=serviceAccount,dc=acme,dc=com container (as an example) for all of these types of accounts. Or you can put it in your cn=users container, that's fine as well.
cn=java-app-01,cn=serviceAccount,dc=acme,dc=com
or
cn=java-app-01,cn=users,dc=acme,dc=com
Then your java app gets configured to use this account to perform an authenticated bind/search (in lieu of the anonymous bind/search) to find the full DN of the user logging into your java app. Most ldap enabled applications ask the user to provide only the common name (cn) or unixID (uid) and password at the application login prompt.
1. The app then performs an anonymous bind/search for the full user entry DN of the user attempting to authenticate into the application.
or
2. The app then performs an authenticated bind/search (using the service account) for the full user entry DN of the user attempting to authenticate into the application.
...once the app receives back the full user entry DN, the app takes that full DN (dn: cn=gatesb,cn=users,dc=acme,dc=com) and the password provided by the user and attempts the user authentication.
Hope this helps.....

Error while create user in LDAP - LDAP: error code 1

Hi Guy's, I am getting below error while creating user in LDAP MS AD.
cn=3001,ou=sAP_IDM,dc=springswf,dc=comcn<mx:TEXT>putNextEntry failed storingOU=SAP_IDM,DC=springswf,DC=com</mx:TEXT>
<mx:LTEXT>Exception from Add operation:javaxnaming.NamingException: {LDAP: error code 1 = 00000000: LdapErr: DSID-OC090AE2, coment: In order to perform this operation a successful bind must be completed on the connection.,data0,vece
Steps I am following:
1. create a job through wizard and pick from (IC->jobs->Active Directory->Create Active Directory User)
2. Destination tab values that I am passing:
dn: cn=Dummyuser,ou=SAP_IDM,dc=<main domain>,dc=com
objectClass: top|person|organizationalPerson|user
sn: Surname
givenName: GivenName
displayName: Dummy user displayname
Under <main domain> an OU has been created called SAP_IDM for testing user creation from IDM.
Admin user account created called <XYZ> and has full control over SAP_IDM OU.
I am passing <XYZ> credentials into my job for user creation.
Thanks for you help!

Farhan,
Based on the error message presented,
In order to perform this operation a successful bind must be completed on the connection
Make sure that you're using the correct information to do the AD Bind. User name should be something like cn=administrator,cn=users,dc=xxx,dc=xxx and the proper password.
Matt

LDAP Newbie:    javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT)

Hi,
I am getting the following error when I try to do a search on an ldap (AD LDS) database:
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=AppPartFE,DC=com'
]; remaining name 'cn=Users,dc=AppPartFE,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Unknown Source)
at Test.<init>(Test.java:70)
at Test.main(Test.java:118)
I can bind successfully using either the userPrincipalName (UPN) or the Distinguished Name (DN), however my search is failing.
It is almost as if I am connected to the db tree at the wrong place. Do I need a different search scope?
I appreciate any assistance you can provide.
Here is my code:
import java.util.*;
import static java.lang.System.err;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
public class Test
public Test()
Properties prop = new Properties();
prop.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
prop.put("java.naming.provider.url", "ldap://MyHost.Mydomain.labs.CompanyX.com:50004");
String strProviderUrl = "ldap://MyHost.Mydomain.labs.CompanyX.com:50004";
// Can successfully bind with the userPrincipalName in AD LDS
//prop.put("java.naming.security.principal", "[email protected]");
// Can successfully bind with Distinguished Name
// Note: the string is case insensitive and embedded blank after a comma is not a problem
   prop.put("java.naming.security.principal", "cn=tst0001,cn=Users,dc=AppPartFE,dc=com");
prop.put("java.naming.security.credentials", "password");
try {
    LdapContext ctx = new InitialLdapContext(prop, null);
    System.out.println("Bind successful");
//I am successful to this point....
   //now try doing a search on another user
     String strFilter = "(&(objectClass=userProxy)(sAMAccountName=tst0001))";
    SearchControls searchControls = new SearchControls();
    searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); //works with object class=* to find top partition node
    NamingEnumeration<SearchResult> results = ctx.search("cn=Users,dc=AppPartFE,dc=com", strFilter, searchControls);
    SearchResult searchResult = null;
    if(results.hasMoreElements()) {
         searchResult = (SearchResult) results.nextElement();
        //make sure there is not another item available, there should be only 1 match
        if(results.hasMoreElements()) {
            System.err.println("Matched multiple users for the accountName");
catch (NamingException ex) {
    ex.printStackTrace();
public static void main(String[] args)
Test ldaptest = new Test();

Because you are specifiying a base distinguished name in your ldap url, the ldap context will be rooted at that context and all subsequent objects will be relative to that base distinguished name.//connect to my domain controller
String ldapURL = "ldaps://rhein:636/dc=bodensee,dc=de";andString userName = "CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de";results in an fully distinguished name of:CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de,dc=bodensee,dc=deEither specify your ldap url asString ldapURL = "ldaps://rhein:636";and leave your username as is, or specify the user object relative to the base distinguished name in the ldapurlString userName = "CN=verena bit,OU=Lehrer,OU=ASR";

LDAP: error code 49 - 80090308

I recently saw my log files as we were experiencing slowness in our application and found the follwoing error message :
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext
error, data 52e, v893]; remaining name 'dc=hess,dc=pri,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2549)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2523)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1904)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1809)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1734)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:328)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:313)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:238)
at com.retek.rsw.persistence.ldap.LdapRswSecurityDao.getGroupNames(LdapRswSecurityDao.java:197)
at com.retek.rsw.persistence.ldap.LdapRswSecurityDao.authenticateAndReadUser(LdapRswSecurityDao.java:92)
at com.retek.rsw.service.RswSecurity.getUser(RswSecurity.java:47)
at com.retek.rsw.ui.control.security.LoginDoneAction.perform(LoginDoneAction.java:37)
at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1787)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1586)
at com.retek.struts.action.ActionServlet.process(ActionServlet.java:227)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
Can anyone please help me understand this message. I looked it up on the internet and it said that you DN's are not set properly, if that is the case then none of the users should be able to login then howcome users are able to login?
Thanks in Advance,
Joyce

LDAP error code 49 means that invalid credentials were provided, so perhaps the application is trying to bind with the wrong dn/password.

Use of LdapRealm results in [LDAP: error code 32 - No Such Object]

Hi,
I'm testing with the example 'basic-auth' of the SJSAS7 2004Q2 with the LdapRealm.
This little test app can successfully authenticate my user against LDAP.
package de.zdf.qmv.helloworld.test;
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
public class TestLdap {
public static void main(String[] args) {
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL,            "ldap://123.123.123.123:389/o=aaa");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL,      "uid=myuser,ou=ddd,o=ccc,o=bbb,o=aaa");
    env.put(Context.SECURITY_CREDENTIALS,    "mypwd");
    try {
      DirContext ctx = new InitialDirContext(env);
      ctx.close();
    } catch (Exception e) {
      e.printStackTrace();
}But when I try to use these Settings for the LDAP Security Realms in the AppServer it doesn't work.
<auth-realm name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
<property value="ldap://123.123.123.123:389/o=aaa" name="directory"/>
<property value="ou=ddd,o=ccc,o=bbb,o=aaa" name="base-dn"/>
<property value="ldapRealm" name="jaas-context"/>
</auth-realm>I get this error:
AM: Processing login with credentials of type: class com.sun.enterprise.security.auth.login.PasswordCredential
FEIN: Logging in user [myuser] into realm: ldap using JAAS module: ldapRealm
AM: Login module initialized: class com.iplanet.ias.security.auth.login.LDAPLoginModule
AM: search: baseDN: ou=ddd,o=ccc,o=bbb,o=aaa filter: uid=myuser
WARNUNG: SEC1106: Error during LDAP search with filter [uid=myuser].
WARNUNG: SEC1000: Caught exception.
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=ddd,o=ccc,o=bbb,o=aaa'Is the base-dn of the LDAP Security Realms properties the equivalent to the SECURITY_PRINCIPAL (without uid= )?
Is there a missing property in the LDAP Security Realms properties to get this work?
Thanks for your help

I have the same error with my code...
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost");
Context ctx = new InitialContext(env);
SQLServerDataSource mds = new SQLServerDataSource();
ctx.bind("jdbc/, mds);
// ERROR!!!!LDAP: error code 32 - No Such Object
I just installed the qcslapd.exe, running qcslapd -debug i get the result:
20030514 14:28:13 conn=6 fd=2 connection from e700 (127.0.0.1)
20030514 14:28:13 conn=6 op=0 BIND dn="" method=128
20030514 14:28:13 unknown version 3
20030514 14:28:13 conn=6 op=1 BIND dn="" method=128
20030514 14:28:13 conn=6 op=0 RESULT err=2 tag=97 nentries=0
20030514 14:28:13 conn=6 op=1 RESULT err=0 tag=97 nentries=0
20030514 14:28:13 conn=6 op=2 SRCH base="jdbc" scope=0 filter="(objectclass=*)"
20030514 14:28:14 conn=6 op=2 RESULT err=32 tag=101 nentries=0
can you help... HELP

Javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21

I have collected the following code from "http://www.concentric.net/~adhawan/tutorial/"
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.naming.NameAlreadyBoundException;
import javax.naming.directory.*;
import java.util.*;
public class MakeRoot {
        final static String ldapServerName = "localhost";
        final static String rootdn = "cn=Manager, o=jndiTest";
        final static String rootpass = "secret";
        final static String rootContext = "o=jndiTest";
        public static void main( String[] args ) {
                // set up environment to access the server
                Properties env = new Properties();
                env.put( Context.INITIAL_CONTEXT_FACTORY,
                         "com.sun.jndi.ldap.LdapCtxFactory" );
                env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" );
                env.put( Context.SECURITY_PRINCIPAL, rootdn );
                env.put( Context.SECURITY_CREDENTIALS, rootpass );
                try {
                        // obtain initial directory context using the environment
                        DirContext ctx = new InitialDirContext( env );
                        // now, create the root context, which is just a subcontext
                        // of this initial directory context.
                        ctx.createSubcontext( rootContext );
                } catch ( NameAlreadyBoundException nabe ) {
                        System.err.println( rootContext + " has already been bound!" );
                } catch ( Exception e ) {
                        System.err.println( e );
}I am using the ldap server at here:
http://download.bergmans.us/openldap/openldap-2.2.29/openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe
My slap.conf is:database     bdb
suffix          "dc=jndiTest"
rootdn          "cn=Manager,dc=jndiTest"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory     ./data
# Indices to maintain
index     objectClass     eqWhile running this code:
ldap://localhost:389/
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - ob
jectClass: value #0 invalid per syntax]; remaining name 'dc=jndiTest'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.ComponentContext.p_createSubcontext(Unknown
Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeContext.createSubcontext(Unk
nown Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeContext.createSubcontext(Unk
nown Source)
        at javax.naming.InitialContext.createSubcontext(Unknown Source)
        at MakeRoot.main(MakeRoot.java:35)It's obviously connecting with the given credentials and provider url. But then why is it not working?
Any help would highly appreciated. Thanks in advance.

That is right I agree. And I guess that happened because I was trying to doing different permutation-combination with the naming scheme and I forgot to update slapd.conf. And even after made that change it was showing the same error. The poster forgot to mention to include java.schema. That change made it work finally.
Thanks for your reply.

BIND Failed [LDAP: error code 49 - Invalid Credentials]

Similar Messages

Maybe you are looking for