[LDAP: error code 49 - Invalid Credentials]
New to OID. I am using JDev 10.1.3 and have the following code. The user is apenlast and the password is penlast2.
I want to get all the attributes for this user from OID, but I keep getting this error:
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
Actually, from the SSO login screen, if I try to log in using apenlast/penlast2 I can successfully log in to OID. Then why this error from code?
InitialDirContext ctx1 = ConnectionUtil.getDefaultDirCtx(
    "ormi://br-dev3.fjcs.net:399",
    "389",
    "cn=apenlast",
    "penlast2");
System.out.println("TTTTTTTTTTTTTTTTTTTTT " + ctx1.getAttributes("uid"));
Probably you're not using the fully qualified DN.
The users are stored by default under cn=users,dc=yourDOMAIN,
so you should try cn=apenlast,cn=users,dc=yourDOMAIN.
regards,
--Olaf
Similar Messages
-
LDAP error "ldap_bind: Invalid credentials (49)"
Dear Server professionals
I run into an error "ldap_bind: Invalid credentials (49)" each time I try to import an ldif file. Below are my slapd.conf file and the command I use.
slapd.conf file:
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/fmserver.schema
include /etc/openldap/schema/apple.schema
include /etc/openldap/schema/netinfo.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
replica-pidfile /var/run/slurpd.pid
replica-argsfile /var/run/slurpd.args
replicationinterval 3
loglevel 32768
sizelimit 11000
gentlehup off
schemacheck on
allows bind_v2
schemacheck on
checkpoint 32 30 # <kbyte> <min>
database bdb
directory /private/var/db/openldap/openldap-data
suffix "o=machilfe,c=ch"
#rootdn "cn=ldapadmin,o=machilfe,c=ch"
#rootpw {SSHA}c1lrRr4xWi444e59Vez96XkohS7fTiwU
# Indices to maintain
index default pres,eq
index objectClass eq
index cn,sn,uid
# Sample security restrictions
# Disallow clear text exchange of passwords
# disallow bindsimpleunprotected
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
#access to dn.base="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
# if no access controls are present, the default policy is:
# Allow read by all
# rootdn can always write!
# Some settings are maintained in slapd_macosxserver.conf,
# which is updated by Server Admin. Put your own changes in
# this file.
include /etc/openldap/slapd_macosxserver.conf
include /etc/openldap/schema/abxldap.schema
Command:
sh-3.2# ldapadd -c -D "cn=diradmin,o=machilfe,c=ch" -W -x -f /Users/ladmin/Desktop/AddressBook\ X\ LDAP\ Installation/Examples/InitialImport.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
Can anyone help me to solve this problem or where to look for this to solve?
Kind regards
Thomas Thaler
Make sure your dn value is correct, i.e. cn=diradmin,o=machilfe,c=ch
-
Sir/Madam,
I am working on the Windows platform and I am getting this error when I want to configure LDAP.
Please suggest
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
at TestClient.main(TestClient.java:33)
Thanks in advance.
Regards
Neelamadhab
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
LDAP is rejecting your credentials (username / password). Make sure your credentials are correctly given, otherwise get help from LDAP admin.
regards,
Sekar
-
"[LDAP: error code 34 - Invalid DN]" Why?
Hi all, I have the following problem, when I try to test my Plumtree connection to LDAP Sun One Server I get the following error message:
Attempt to connect to LDAP Server failed. Double check your installation and logon credentials.
Could not create InitialDirContext: [LDAP: error code 34 - Invalid DN] [LDAP: error code 34 - Invalid DN]
I have entered LDAP URL: georgi.masq
LDAP port: 49129
ldap user: admin
ldap pass: XXXXXXX
With this parameters I can login into SunOne ADmin Console, unfortunately something's wrong and I don't know what, if anyone has any ideas please tell me .
Hello actually I have the same error, maybe someone have the solution.
Or what did you do for resolve this error?
Thanks for your collaboration!! -
LDAP: error code 21 - Invalid Attribute Syntax
I have written a java program to create an LDAP user. Sometime it works fine but sometimes it gives error. Detailed error is given below:
createLDAPAgencyUser() : Inside Exception - javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - Invalid Attribute Syntax]; remaining name 'uid=VINMUMBAI,ou=fci,o=cw,c=in'
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - Invalid Attribute Syntax]; remaining name 'uid=VINMUMBAI,ou=fci,o=cw,c=in'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3001)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:777)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:176)
at LDAPAgencyCreation4C.createLDAPAgencyUser(LDAPAgencyCreation4C.java:123)
Stop main method.
at LDAPAgencyCreation4C.main(LDAPAgencyCreation4C.java:45)
Does anyone have an idea how to resolve it? Please let me know.
Thanks in advance,
Vinod Shivhare
I got the solution. One attribute which I was sending, its name was incorrect. Attribute names are very case sensitive.
-Vinod.
-
LDAP: error code 1 - Invalid query reference]; remaining name '
I have the following function for a paged search operation.
Data retrieved by this function is used somewhere else to modify the Ldap Directory context.
Despite my setting for ctx and search control as "no timeout", I keep getting the following exception thrown for operations lasting more than 5 minutes (consistently) and for some short operations (sporadically):
Paged Search failed : javax.naming.NamingException: [LDAP: error code 1 - Invalid query reference]; remaining name '<directory>'
I am using DirX as LDAP directory.
Is this a time-out related exception which can be fixed in the code?
How can it be fixed?
There's no clue all over the web about this.
Thanks.
/**
 * Returns the next page of the search results.
 * The returned result from this method can not exceed page size
 * set in the constructor.
 * @return the next page, or null when the search is finished or the controls could not be set
 */
public NamingEnumeration nextPage(){
    //1.step Set PagedResultsControl
    NamingEnumeration results = null;
    Control[] controls=null;
    try {
        if( isSearchStarted==false ){
            isSearchStarted=true;
            if(sortingAttributes==null)
                controls=new Control[]{ new PagedResultsControl(pageSize) };
            else
                controls=new Control[]{new SortControl(sortingAttributes, Control.NONCRITICAL), new PagedResultsControl(pageSize) };
        }else {// examine the response controls
            cookie = parseControls(ctx.getResponseControls());
            if( cookie!=null && cookie.length!=0 ){
                // pass the cookie back to the server for the next page
                if(sortingAttributes==null)
                    controls=new Control[] { new PagedResultsControl(pageSize, cookie, Control.CRITICAL) };
                else
                    controls=new Control[] {new SortControl(sortingAttributes, Control.NONCRITICAL), new PagedResultsControl(pageSize, cookie, Control.CRITICAL) };
            }else{
                //search is finished
                return null;
            }
        }
        ctx.setRequestControls(controls);
        //ctx.getEnvironment().values();
        //ctx.getEnvironment().put("com.sun.jndi.ldap.connect.timeout", "5000", 300000);
        ctx.addToEnvironment("com.sun.jndi.ldap.connect.timeout", "0");
        //ctx.getEnvironment().values();
    } catch (NamingException e) {
        Tracer.getInstance().error("Paged Search failed while setting response controls: " + e);
        return null;
    } catch (Exception e) {
        Tracer.getInstance().error("Paged Search failed while setting response controls: " + e);
        return null;
    }
    //2.step: DO SEARCH
    for(int i=0;i<10;i++){
        boolean reconnect=false;
        try{
            results = ctx.search(searchBase, searchFilter, searchCtls);
            Thread.sleep(300000);
            //ctx.get
            //Thread.sleep(300000);
            break;
        } catch (NamingException e) {
            Tracer.getInstance().error("Paged Search failed : " + e);
            reconnect=true;
        } catch (Exception e) {
            reconnect=true;
            Tracer.getInstance().error("Paged Search failed : " + e);
        }
        if(reconnect){
            // get a fresh context and re-apply the request controls before retrying
            try {
                this.ctx = LDAPServer.getInstance().getDirContext();
                ctx=ctx.newInstance(controls);
                //ctx.getEnvironment().values();
            } catch (NamingException e1) {
                Tracer.getInstance().error("Could not reconnect the ldapcontext");
            }
        }
    }
    return results;
}
It turned out to be a DirX "root DSE" entry "PAGP" that is disposing of my paged results if a timeout occurs (300 seconds by default).
So I have to modify this entry during runtime, which unfortunately can only be accessed by dirxadm.exe.
Is it possible to modify this attribute by an LDAP context method?
-
Invalid ID store configuration LDAP : Error code 32- No Such object
Followed note : Integrating Oracle E-Business Suite Release 12.1.3 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate [ID 1484024.1
Completed all these steps:
Integrate Oracle Internet Directory with Oracle E-Business Suite
Configure Oracle Internet Directory to return operational attributes
Install Oracle Access Manager
Install and Configure WebGate on the WebTier
Register the WebGate Agent with Oracle Access Manager
Test your WebGate.
we stuck at the stage of Configure Identity Store .
section 4.3.2.1: Create User Identity Store
In the OAM Console, navigate to System Configuration > Common Configuration > Data Sources > User Identity Stores.
Highlight the User Identity Stores node, and click the "*" (Create) icon.
In the window that opens, enter the attributes for your new identity store, for example:
•Store Name = EBSIdStore
•Store Type = OID: Oracle Internet Directory
•Location = oraoidprd1.guc.loc:3060
•Bind DN = cn=orcladmin
•Password =
•User Name Attribute = uid
•User Search Base = cn=users,dc=us,dc=oraoidprd1,dc=com,dc=guc,dc=loc
•Group Search Base = cn=groups,dc=us,dc=oraoidprd1,dc=com,dc=guc,dc=loc
When we click test connection it fails with
Invalid ID store configuration. User search base specified is invalid
LDAP : Error code 32- No Such object
Any help is greatly appreciated.
Thanks!
Yes.. I am passing the correct values..
Here are the registration steps we did.. as a pre-requisite:
1. Register instance:
[apdevebs@oraebsdev1 bin]$ $FND_TOP/bin/txkrun.pl -script=SetSSOReg -registerinstance=yes
You are registering ORACLE HOME only.
Enter the host name where Oracle iAS Infrastructure database is installed ? oraoidprd1
Enter the LDAP Port on Oracle Internet Directory server ? 3060
Enter SSL LDAP Port on Oracle Internet Directory server ? 3131
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ?
Enter Oracle E-Business apps database user password ?
2. Register OID:
Register OID
2. [apdevebs@oraebsdev1 bin]$ $FND_TOP/bin/txkrun.pl -script=SetSSOReg -registeroid=yes
You are registering this instance with OID Server.
Enter LDAP Host name ? oraoidprd1
Enter the LDAP Port on Oracle Internet Directory server ? 3060
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ?
Enter the instance password that you would like to register this application instance with ? test123
Enter Oracle E-Business apps database user password ?
3.. Configure Oracle Internet Directory to return operational attributes
cd /mnt/oidprd_app/app/middleware/Oracle_IDM1/bin
[apprdoid@oraoidprd1 bin]$ cat change_attrs.ldif
dn: cn=dsaconfig, cn=configsets,cn=oracle internet directory
changetype: modify
add: orclallattrstodn
orclallattrstodn:cn=orcladmin
[apprdoid@oraoidprd1 bin]$ export ORACLE_HOME=/mnt/oidprd_app/app/middleware/Oracle_IDM1
[apprdoid@oraoidprd1 bin]$ export PATH=$ORACLE_HOME/bin:$PATH
[apprdoid@oraoidprd1 bin]$ echo $ORACLE_HOME
/mnt/oidprd_app/app/middleware/Oracle_IDM1
[apprdoid@oraoidprd1 bin]$ $ORACLE_HOME/bin/ldapmodify -h oraoidprd1.guc.loc -p 3060 -D cn=orcladmin -w orcladminguprd0id -v -f change_attrs.ldif
add orclallattrstodn:
cn=orcladmin
modifying entry cn=dsaconfig, cn=configsets,cn=oracle internet directory
modify complete
All these pre-req steps completed successfully.
-
I have collected the following code from "http://www.concentric.net/~adhawan/tutorial/"
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.naming.NameAlreadyBoundException;
import javax.naming.directory.*;
import java.util.*;
public class MakeRoot {
    final static String ldapServerName = "localhost";
    final static String rootdn = "cn=Manager, o=jndiTest";
    final static String rootpass = "secret";
    final static String rootContext = "o=jndiTest";
    public static void main( String[] args ) {
        // set up environment to access the server
        Properties env = new Properties();
        env.put( Context.INITIAL_CONTEXT_FACTORY,
                 "com.sun.jndi.ldap.LdapCtxFactory" );
        env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" );
        env.put( Context.SECURITY_PRINCIPAL, rootdn );
        env.put( Context.SECURITY_CREDENTIALS, rootpass );
        try {
            // obtain initial directory context using the environment
            DirContext ctx = new InitialDirContext( env );
            // now, create the root context, which is just a subcontext
            // of this initial directory context.
            ctx.createSubcontext( rootContext );
        } catch ( NameAlreadyBoundException nabe ) {
            System.err.println( rootContext + " has already been bound!" );
        } catch ( Exception e ) {
            System.err.println( e );
        }
    }
}
I am using the ldap server at here:
http://download.bergmans.us/openldap/openldap-2.2.29/openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe
My slap.conf is:
database bdb
suffix "dc=jndiTest"
rootdn "cn=Manager,dc=jndiTest"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory ./data
# Indices to maintain
index objectClass eq
While running this code:
ldap://localhost:389/
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - ob
jectClass: value #0 invalid per syntax]; remaining name 'dc=jndiTest'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentContext.p_createSubcontext(Unknown
Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeContext.createSubcontext(Unk
nown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeContext.createSubcontext(Unk
nown Source)
at javax.naming.InitialContext.createSubcontext(Unknown Source)
at MakeRoot.main(MakeRoot.java:35)
It's obviously connecting with the given credentials and provider url. But then why is it not working?
Any help would be highly appreciated. Thanks in advance.
That is right, I agree. And I guess that happened because I was trying different permutations and combinations with the naming scheme and I forgot to update slapd.conf. And even after I made that change it was showing the same error. The poster forgot to mention to include java.schema. That change made it work finally.
Thanks for your reply.
-
LDAP: error code 49 - 80090308
I recently looked at my log files as we were experiencing slowness in our application and found the following error message:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext
error, data 52e, v893]; remaining name 'dc=hess,dc=pri,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2549)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2523)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1904)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1809)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1734)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:328)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:313)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:238)
at com.retek.rsw.persistence.ldap.LdapRswSecurityDao.getGroupNames(LdapRswSecurityDao.java:197)
at com.retek.rsw.persistence.ldap.LdapRswSecurityDao.authenticateAndReadUser(LdapRswSecurityDao.java:92)
at com.retek.rsw.service.RswSecurity.getUser(RswSecurity.java:47)
at com.retek.rsw.ui.control.security.LoginDoneAction.perform(LoginDoneAction.java:37)
at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1787)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1586)
at com.retek.struts.action.ActionServlet.process(ActionServlet.java:227)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
Can anyone please help me understand this message? I looked it up on the internet and it said that your DNs are not set properly. If that is the case then none of the users should be able to log in, so how come users are able to log in?
Thanks in Advance,
Joyce
LDAP error code 49 means that invalid credentials were provided, so perhaps the application is trying to bind with the wrong dn/password.
-
Hello,
What does the following error code data 534 mean?
LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 534, v1db0^@]
Hi,
Thanks for your patience.
The error code 49 related to LDAP is caused by the invalid credentials. Please refer to the following most possible causes.
1. The DN path or password which you have specified for the administrator is invalid. Any of the below will result in this error:
1). Pointed to non-user DN
2). Pointed to a non-existent user, but in existing DN
3). Pointed to non existent DN
4). Pointed to an existing user, but non existing DN
5). Pointed to an incorrect admin DN, uid instead of cn
6). Pointed to a non administrator user
7). Pointed to a valid admin but password is incorrect
2. Could not authenticate the user trying to login. This can be the result of an incorrect username or password, or an incorrect prefix and/or suffix specified in the Settings tab, depending on the type of LDAP/AD system. Could also mean the authentication type is incorrect.
Best regards,
Ann Zhu -
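An added example (not from any post in this thread): Active Directory puts a hexadecimal Win32 error code in the data field of an error 49 message, and this Python triage pulls it out of log lines and counts bind failures by cause. The sub-code table lists only well-documented values, so any other value (such as 534) is reported by its raw code; the function names are made up here and the lines marked constructed are sample input.

```python
import re
from collections import Counter

# Sub-codes Active Directory puts in the "data" field of a failed bind (result code 49).
# The field is a hexadecimal Win32 error code; only well-documented values are listed.
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "user not found"),
    0x52E: ("ERROR_LOGON_FAILURE", "user name or password rejected"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon outside permitted hours"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not permitted from this workstation"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "password must be changed before logon"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account locked out"),
}

# AD form: "LDAP: error code 49 - 80090308: LdapErr: DSID-..., comment: ..., data 52e, v893"
AD_ERR = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<status>[0-9A-Fa-f]{8}): LdapErr: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+)\b")
# Generic form used by other servers: "[LDAP: error code 49 - Invalid Credentials]"
PLAIN_ERR = re.compile(r"LDAP: error code (?P<code>\d+) - (?P<text>[^\]]*)")


def classify(message):
    """Describe one log message; returns None if it carries no LDAP result code."""
    text = " ".join(message.split())  # undo line wrapping inside the message
    m = AD_ERR.search(text)
    if m:
        win32 = int(m.group("data"), 16)
        name, meaning = AD_BIND_SUBCODES.get(win32, (None, "sub-code not in table"))
        return {"result_code": int(m.group("code")), "dsid": m.group("dsid"),
                "data": m.group("data").lower(), "win32": win32,
                "name": name, "meaning": meaning}
    m = PLAIN_ERR.search(text)
    if m:
        return {"result_code": int(m.group("code")), "dsid": None, "data": None,
                "win32": None, "name": None, "meaning": m.group("text").strip()}
    return None


def summarize(lines):
    """Count error 49 bind failures by cause; other result codes are ignored."""
    counts = Counter()
    for line in lines:
        info = classify(line)
        if info is None or info["result_code"] != 49:
            continue
        if info["name"]:
            counts[info["name"]] += 1
        elif info["data"]:
            counts["data " + info["data"]] += 1
        else:
            counts["no sub-code"] += 1
    return counts


SAMPLE_LINES = [
    # The two messages quoted on this page (the first keeps its line wrap).
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C09030B, comment: AcceptSecurityContext\nerror, data 52e, v893]; "
    "remaining name 'dc=hess,dc=pri,dc=com'",
    "LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9, comment: "
    "AcceptSecurityContext error, data 534, v1db0",
    # Constructed lines, same layout with different sub-codes.
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: "
    "AcceptSecurityContext error, data 52e, v893]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: "
    "AcceptSecurityContext error, data 775, v893]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: "
    "AcceptSecurityContext error, data 525, v893]",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]",
    "javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]",
    "INFO connection opened",
]

if __name__ == "__main__":
    for cause, count in summarize(SAMPLE_LINES).most_common():
        print(f"{count:3d}  {cause}")
```

Separating "user not found" from "password rejected" and "locked out" is what lets an operator tell a misconfigured service account from a run of failed guesses against many accounts.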
LDAP: error code (s) library ???
Where will I get the list of all LDAP errors and the explanation about the error. Any document OR webpage is available with such list ???
Example: Assume I got a error, "[LDAP: error code 65 - Object Class Violation]", where will I check for the exact explanation about this error.
Please help...
Hi Guys
Here you go,
Code (decimal)  Error code (string)  Description
0 LDAP_SUCCESS Success
1 LDAP_OPERATIONS_ERROR Operations error
2 LDAP_PROTOCOL_ERROR Protocol error
3 LDAP_TIMELIMIT_EXCEEDED Timelimit exceeded
4 LDAP_SIZELIMIT_EXCEEDED Sizelimit exceeded
5 LDAP_COMPARE_FALSE Compare false
6 LDAP_COMPARE_TRUE Compare true
7 LDAP_STRONG_AUTH_NOT_SUPPORTED Strong authentication not supported
8 LDAP_STRONG_AUTH_REQUIRED Strong authentication required
9 LDAP_PARTIAL_RESULTS Partial results
16 LDAP_NO_SUCH_ATTRIBUTE No such attribute
17 LDAP_UNDEFINED_TYPE Undefined attribute type
18 LDAP_INAPPROPRIATE_MATCHING Inappropriate matching
19 LDAP_CONSTRAINT_VIOLATION Constraint violation
20 LDAP_TYPE_OR_VALUE_EXISTS Type or value exists
21 LDAP_INVALID_SYNTAX Invalid syntax
32 LDAP_NO_SUCH_OBJECT No such object
33 LDAP_ALIAS_PROBLEM Alias problem
34 LDAP_INVALID_DN_SYNTAX Invalid DN syntax
35 LDAP_IS_LEAF Object is a leaf
36 LDAP_ALIAS_DEREF_PROBLEM Alias dereferencing problem
48 LDAP_INAPPROPRIATE_AUTH Inappropriate authentication
49 LDAP_INVALID_CREDENTIALS Invalid credentials
50 LDAP_INSUFFICIENT_ACCESS Insufficient access
51 LDAP_BUSY DSA is busy
52 LDAP_UNAVAILABLE DSA is unavailable
53 LDAP_UNWILLING_TO_PERFORM DSA is unwilling to perform
54 LDAP_LOOP_DETECT Loop detected
64 LDAP_NAMING_VIOLATION Naming violation
65 LDAP_OBJECT_CLASS_VIOLATION Object class violation
66 LDAP_NOT_ALLOWED_ON_NONLEAF Operation not allowed on nonleaf
67 LDAP_NOT_ALLOWED_ON_RDN Operation not allowed on RDN
68 LDAP_ALREADY_EXISTS Already exists
69 LDAP_NO_OBJECT_CLASS_MODS Cannot modify object class
70 LDAP_RESULTS_TOO_LARGE Results too large
80 LDAP_OTHER Unknown error
81 LDAP_SERVER_DOWN Can't contact LDAP server
82 LDAP_LOCAL_ERROR Local error
83 LDAP_ENCODING_ERROR Encoding error
84 LDAP_DECODING_ERROR Decoding error
85 LDAP_TIMEOUT Timed out
86 LDAP_AUTH_UNKNOWN Unknown authentication method
87 LDAP_FILTER_ERROR Bad search filter
88 LDAP_USER_CANCELLED User cancelled operation
89 LDAP_PARAM_ERROR Bad parameter to an ldap routine
90 LDAP_NO_MEMORY Out of memory
questions please contact me @ [email protected]
Thanks
srinivasa -
Error while create user in LDAP - LDAP: error code 1
Hi Guy's, I am getting below error while creating user in LDAP MS AD.
cn=3001,ou=sAP_IDM,dc=springswf,dc=comcn<mx:TEXT>putNextEntry failed storingOU=SAP_IDM,DC=springswf,DC=com</mx:TEXT>
<mx:LTEXT>Exception from Add operation:javaxnaming.NamingException: {LDAP: error code 1 = 00000000: LdapErr: DSID-OC090AE2, coment: In order to perform this operation a successful bind must be completed on the connection.,data0,vece
Steps I am following:
1. create a job through wizard and pick from (IC->jobs->Active Directory->Create Active Directory User)
2. Destination tab values that I am passing:
dn: cn=Dummyuser,ou=SAP_IDM,dc=<main domain>,dc=com
objectClass: top|person|organizationalPerson|user
sn: Surname
givenName: GivenName
displayName: Dummy user displayname
Under <main domain> an OU has been created called SAP_IDM for testing user creation from IDM.
Admin user account created called <XYZ> and has full control over SAP_IDM OU.
I am passing <XYZ> credentials into my job for user creation.
Thanks for your help!
Farhan,
Based on the error message presented,
In order to perform this operation a successful bind must be completed on the connection
Make sure that you're using the correct information to do the AD Bind. User name should be something like cn=administrator,cn=users,dc=xxx,dc=xxx and the proper password.
Matt -
Hi,
I am getting the following error when I try to do a search on an ldap (AD LDS) database:
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=AppPartFE,DC=com'
]; remaining name 'cn=Users,dc=AppPartFE,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Unknown Source)
at Test.<init>(Test.java:70)
at Test.main(Test.java:118)
I can bind successfully using either the userPrincipalName (UPN) or the Distinguished Name (DN), however my search is failing.
It is almost as if I am connected to the db tree at the wrong place. Do I need a different search scope?
I appreciate any assistance you can provide.
Here is my code:
import java.util.*;
import static java.lang.System.err;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
public class Test
{
    public Test()
    {
        Properties prop = new Properties();
        prop.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        prop.put("java.naming.provider.url", "ldap://MyHost.Mydomain.labs.CompanyX.com:50004");
        String strProviderUrl = "ldap://MyHost.Mydomain.labs.CompanyX.com:50004";
        // Can successfully bind with the userPrincipalName in AD LDS
        //prop.put("java.naming.security.principal", "[email protected]");
        // Can successfully bind with Distinguished Name
        // Note: the string is case insensitive and embedded blank after a comma is not a problem
        prop.put("java.naming.security.principal", "cn=tst0001,cn=Users,dc=AppPartFE,dc=com");
        prop.put("java.naming.security.credentials", "password");
        try {
            LdapContext ctx = new InitialLdapContext(prop, null);
            System.out.println("Bind successful");
            //I am successful to this point....
            //now try doing a search on another user
            String strFilter = "(&(objectClass=userProxy)(sAMAccountName=tst0001))";
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); //works with object class=* to find top partition node
            NamingEnumeration<SearchResult> results = ctx.search("cn=Users,dc=AppPartFE,dc=com", strFilter, searchControls);
            SearchResult searchResult = null;
            if(results.hasMoreElements()) {
                searchResult = (SearchResult) results.nextElement();
                //make sure there is not another item available, there should be only 1 match
                if(results.hasMoreElements()) {
                    System.err.println("Matched multiple users for the accountName");
                }
            }
        }
        catch (NamingException ex) {
            ex.printStackTrace();
        }
    }
    public static void main(String[] args)
    {
        Test ldaptest = new Test();
    }
}
Because you are specifying a base distinguished name in your ldap url, the ldap context will be rooted at that context and all subsequent objects will be relative to that base distinguished name.
//connect to my domain controller
String ldapURL = "ldaps://rhein:636/dc=bodensee,dc=de";
and
String userName = "CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de";
results in a fully distinguished name of:
CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de,dc=bodensee,dc=de
Either specify your ldap url as
String ldapURL = "ldaps://rhein:636";
and leave your username as is, or specify the user object relative to the base distinguished name in the ldap url
String userName = "CN=verena bit,OU=Lehrer,OU=ASR";
-
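The name resolution this answer describes, as an added example (not code from the thread): a Python check that composes a name with the base DN carried in the provider URL and flags the doubled suffix that produces error 32. It models names passed to context operations such as search; `resolve` and its helpers are names made up here, RDN comparison is assumed to be case-insensitive, and the third case assumes the LdapRealm in the next question resolves its base-dn against the directory URL in the same way.

```python
from urllib.parse import urlsplit, unquote


def split_dn(dn):
    """Split a DN string into RDN strings on commas that are not backslash-escaped."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf).lstrip())
    return [r for r in rdns if r]


def rdn_key(rdn):
    """Comparison key for one RDN (assumption: case-insensitive type and value)."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), " ".join(value.split()).lower())


def url_base_dn(provider_url):
    """Base DN carried in the path of an LDAP URL, percent-decoded ('' if none)."""
    return unquote(urlsplit(provider_url).path.lstrip("/"))


def resolve(provider_url, name):
    """Compose a context-relative name with the URL's base DN and check for a doubled suffix."""
    base = split_dn(url_base_dn(provider_url))
    rdns = split_dn(name)
    n = len(base)
    doubled = (n > 0 and len(rdns) >= n
               and [rdn_key(r) for r in rdns[-n:]] == [rdn_key(r) for r in base])
    return {
        # what the server is actually asked for
        "effective_dn": ",".join(rdns + base),
        # True when the name already ends with the URL's base DN
        "doubled_suffix": doubled,
        # the name to use instead while the URL keeps its base DN
        "relative_name": ",".join(rdns[:-n]) if doubled else name,
    }


# Values taken from this page: the answer's URL and user name, the same URL without
# a base DN, and the directory / base-dn pair from the LdapRealm configuration.
CASES = [
    ("answer, base DN in URL", "ldaps://rhein:636/dc=bodensee,dc=de",
     "CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de"),
    ("answer, no base DN in URL", "ldaps://rhein:636",
     "CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de"),
    ("LdapRealm directory + base-dn", "ldap://123.123.123.123:389/o=aaa",
     "ou=ddd,o=ccc,o=bbb,o=aaa"),
]


def find_doubled(cases):
    """Labels of the cases whose name repeats the URL's base DN."""
    return [label for label, url, name in cases if resolve(url, name)["doubled_suffix"]]


if __name__ == "__main__":
    for label, url, name in CASES:
        result = resolve(url, name)
        flag = "DOUBLED" if result["doubled_suffix"] else "ok"
        print(f"{label}: {flag}\n  effective: {result['effective_dn']}\n"
              f"  use name:  {result['relative_name']}")
```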
Use of LdapRealm results in [LDAP: error code 32 - No Such Object]
Hi,
I'm testing with the example 'basic-auth' of the SJSAS7 2004Q2 with the LdapRealm.
This little test app can successfully authenticate my user against LDAP.
package de.zdf.qmv.helloworld.test;
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
public class TestLdap {
    public static void main(String[] args) {
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://123.123.123.123:389/o=aaa");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "uid=myuser,ou=ddd,o=ccc,o=bbb,o=aaa");
        env.put(Context.SECURITY_CREDENTIALS, "mypwd");
        try {
            DirContext ctx = new InitialDirContext(env);
            ctx.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
But when I try to use these Settings for the LDAP Security Realms in the AppServer it doesn't work.
<auth-realm name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
    <property value="ldap://123.123.123.123:389/o=aaa" name="directory"/>
    <property value="ou=ddd,o=ccc,o=bbb,o=aaa" name="base-dn"/>
    <property value="ldapRealm" name="jaas-context"/>
</auth-realm>
I get this error:
AM: Processing login with credentials of type: class com.sun.enterprise.security.auth.login.PasswordCredential
FEIN: Logging in user [myuser] into realm: ldap using JAAS module: ldapRealm
AM: Login module initialized: class com.iplanet.ias.security.auth.login.LDAPLoginModule
AM: search: baseDN: ou=ddd,o=ccc,o=bbb,o=aaa filter: uid=myuser
WARNUNG: SEC1106: Error during LDAP search with filter [uid=myuser].
WARNUNG: SEC1000: Caught exception.
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=ddd,o=ccc,o=bbb,o=aaa'
Is the base-dn of the LDAP Security Realms properties the equivalent to the SECURITY_PRINCIPAL (without uid= )?
Is there a missing property in the LDAP Security Realms properties to get this work?
Thanks for your help
I have the same error with my code...
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost");
Context ctx = new InitialContext(env);
SQLServerDataSource mds = new SQLServerDataSource();
ctx.bind("jdbc/", mds);
// ERROR!!!! LDAP: error code 32 - No Such Object
I just installed the qcslapd.exe, running qcslapd -debug i get the result:
20030514 14:28:13 conn=6 fd=2 connection from e700 (127.0.0.1)
20030514 14:28:13 conn=6 op=0 BIND dn="" method=128
20030514 14:28:13 unknown version 3
20030514 14:28:13 conn=6 op=1 BIND dn="" method=128
20030514 14:28:13 conn=6 op=0 RESULT err=2 tag=97 nentries=0
20030514 14:28:13 conn=6 op=1 RESULT err=0 tag=97 nentries=0
20030514 14:28:13 conn=6 op=2 SRCH base="jdbc" scope=0 filter="(objectclass=*)"
20030514 14:28:14 conn=6 op=2 RESULT err=32 tag=101 nentries=0
can you help... HELP -
DPS7: LDAP error code 52
env: DPS7 on RH5. we are running into many types of connection issues...the following 3 are frequent..
1. LDAP: error code 52 - Unable to read BIND response from server
2. LDAP: error code 52 - Unable to read SEARCH response from backend server : Connection reset by peer
3. LDAP: error code 52 - Unable to read SEARCH response from backend server : Timeout when waiting to read from input stream
Appreciate someone helping me understand under what circumstances the above errors occur and what needs to be tweaked to limit them.
Also, is there a way to configure DPS not to use connection pools and instead open fresh connections for each client operation? Why would I do that? I believe DPS needs a lot of timeout and monitoring times tweaking to make sure that the connections in the pool are monitored properly and kept active. Any suggestions here?
Hi,
Looks like the connections between DPS and DS are invalid. This gives rise to a great variety of error message depending on when the error is detected (read, write, timeout etc).
In most cases, this is related to aggressive idle-timeout set on the DS side or HW LB that impacts DPS connection pooling.
The dpconf property "monitoring-inactivity-timeout" , defaulted to 120s may be used to keep pooled connection alive.
Hope this helps
-Sylvain