Use of LdapRealm results in [LDAP: error code 32 - No Such Object]

Hi,
I'm testing with the example 'basic-auth' of the SJSAS7 2004Q2 with the LdapRealm.
This little test app can successfully authenticate my user against LDAP.
package de.zdf.qmv.helloworld.test;

import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;

public class TestLdap {
  public static void main(String[] args) {
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL,            "ldap://123.123.123.123:389/o=aaa");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL,      "uid=myuser,ou=ddd,o=ccc,o=bbb,o=aaa");
    env.put(Context.SECURITY_CREDENTIALS,    "mypwd");
    try {
      // A successful simple bind is all this test checks; the context is closed right away.
      DirContext ctx = new InitialDirContext(env);
      ctx.close();
    } catch (Exception e) {
      e.printStackTrace();
    }
  }
}
But when I try to use these settings for the LDAP Security Realms in the AppServer it doesn't work.
<auth-realm name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
  <property value="ldap://123.123.123.123:389/o=aaa" name="directory"/>
  <property value="ou=ddd,o=ccc,o=bbb,o=aaa" name="base-dn"/>
  <property value="ldapRealm" name="jaas-context"/>
</auth-realm>
I get this error:
AM: Processing login with credentials of type: class com.sun.enterprise.security.auth.login.PasswordCredential
FEIN: Logging in user [myuser] into realm: ldap using JAAS module: ldapRealm
AM: Login module initialized: class com.iplanet.ias.security.auth.login.LDAPLoginModule
AM: search: baseDN: ou=ddd,o=ccc,o=bbb,o=aaa  filter: uid=myuser
WARNUNG: SEC1106: Error during LDAP search with filter [uid=myuser].
WARNUNG: SEC1000: Caught exception.
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=ddd,o=ccc,o=bbb,o=aaa'
Is the base-dn of the LDAP Security Realms properties the equivalent of the SECURITY_PRINCIPAL (without uid=)?
Is there a missing property in the LDAP Security Realms properties to get this to work?
Thanks for your help

I have the same error with my code...
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
// Assumed import for the data source class; the original post does not show which driver package it came from.
import com.microsoft.sqlserver.jdbc.SQLServerDataSource;

Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost");
Context ctx = new InitialContext(env);
SQLServerDataSource mds = new SQLServerDataSource();
// The string literal was left unterminated in the original post; the name after "jdbc/" is cut off there.
ctx.bind("jdbc/", mds);
// ERROR!!!!LDAP: error code 32 - No Such Object
I just installed qcslapd.exe; running qcslapd -debug I get the result:
20030514 14:28:13 conn=6 fd=2 connection from e700 (127.0.0.1)
20030514 14:28:13 conn=6 op=0 BIND dn="" method=128
20030514 14:28:13 unknown version 3
20030514 14:28:13 conn=6 op=1 BIND dn="" method=128
20030514 14:28:13 conn=6 op=0 RESULT err=2 tag=97 nentries=0
20030514 14:28:13 conn=6 op=1 RESULT err=0 tag=97 nentries=0
20030514 14:28:13 conn=6 op=2 SRCH base="jdbc" scope=0 filter="(objectclass=*)"
20030514 14:28:14 conn=6 op=2 RESULT err=32 tag=101 nentries=0
can you help... HELP

Similar Messages

  • LDAP error 32 no such object (other LDAP tool finds the object...)

    While I used a separate LDAP search, I can successfully find a specific uid, with base set to "o=WebAuth".
    Using the JAAS Authentication sample, I get this error:
    javax.enterprise.system.stream.out: [LDAP: error code 32 - No Such Object]
    (It did acknowledge that it was logging in for the user id: xxxxxxx)
         : Logging in user xxxxxxx
    My settings are:
    In login.conf:
    ldapAuth {
        jaasauthentication.MyLdapLoginModule required
        URL="ldap://sun-ds.sfbay.sun.com:389"
        SEARCHBASE="o=WebAuth";
    };
    In LdapUserData.java:
    public class LdapUserData implements UserData {
        private static LdapUserData instance = null;
        private String INIT_CTX = "com.sun.jndi.ldap.LdapCtxFactory";
        // You need to put your LDAP Host information here.
        private String LDAP_HOST = "ldap://sun-ds.sfbay.sun.com:389"; // put your LDAP host address here, e.g. ldap://myhost.com:389
        private String SEARCHBASE_DN = "o=WebAuth"; // e.g. cn=Creator,ou=Groups,dc=myhost,dc=com
        private String MY_FILTER = "uid=*";
        // ... rest of the class not shown in the post
    }
    (The session bean has the value for the private static variable login_config set to "ldapAuth".)
    Questions:
    - What is wrong with my settings?
    - Is the MY_FILTER setting above ok?
    One more thing: when running the test, there was this message earlier on (before the message of logging in and LDAP 32):
    1585      SEVERE      WebModule [JaasAuthentication] failed to deploy and has been disabled: [java.lang.IllegalArgumentEx...
    javax.enter....system.container.web
    Is that a problem already? But it still went on to process the login?

    Did you check if the dc=NRSP_F object exists in the ODM?
    If that object exists, then in the users tab (under the object tab) you can search for the user you were trying to connect.

  • LDAP Newbie:    javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT)

    Hi,
    I am getting the following error when I try to do a search on an ldap (AD LDS) database:
    javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
    'DC=AppPartFE,DC=com'
    ]; remaining name 'cn=Users,dc=AppPartFE,dc=com'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    at javax.naming.directory.InitialDirContext.search(Unknown Source)
    at Test.<init>(Test.java:70)
    at Test.main(Test.java:118)
    I can bind successfully using either the userPrincipalName (UPN) or the Distinguished Name (DN), however my search is failing.
    It is almost as if I am connected to the db tree at the wrong place.  Do I need a different search scope?
    I appreciate any assistance you can provide.
    Here is my code:
    import java.util.*;
    import static java.lang.System.err;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;

    public class Test {
      public Test() {
        Properties prop = new Properties();
        prop.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        prop.put("java.naming.provider.url", "ldap://MyHost.Mydomain.labs.CompanyX.com:50004");
        String strProviderUrl = "ldap://MyHost.Mydomain.labs.CompanyX.com:50004";
        // Can successfully bind with the userPrincipalName in AD LDS
        //prop.put("java.naming.security.principal", "[email protected]");
        // Can successfully bind with Distinguished Name
        // Note: the string is case insensitive and an embedded blank after a comma is not a problem
        prop.put("java.naming.security.principal", "cn=tst0001,cn=Users,dc=AppPartFE,dc=com");
        prop.put("java.naming.security.credentials", "password");
        try {
          LdapContext ctx = new InitialLdapContext(prop, null);
          System.out.println("Bind successful");
          // I am successful to this point....
          // now try doing a search on another user
          String strFilter = "(&(objectClass=userProxy)(sAMAccountName=tst0001))";
          SearchControls searchControls = new SearchControls();
          searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE); // works with objectClass=* to find top partition node
          NamingEnumeration<SearchResult> results = ctx.search("cn=Users,dc=AppPartFE,dc=com", strFilter, searchControls);
          SearchResult searchResult = null;
          if (results.hasMoreElements()) {
            searchResult = results.nextElement();
            // make sure there is not another item available, there should be only 1 match
            if (results.hasMoreElements()) {
              System.err.println("Matched multiple users for the accountName");
            }
          }
          ctx.close();
        } catch (NamingException ex) {
          ex.printStackTrace();
        }
      }

      public static void main(String[] args) {
        Test ldaptest = new Test();
      }
    }

    Because you are specifying a base distinguished name in your ldap url, the ldap context will be rooted at that context and all subsequent objects will be relative to that base distinguished name.
    //connect to my domain controller
    String ldapURL = "ldaps://rhein:636/dc=bodensee,dc=de";
    and
    String userName = "CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de";
    results in a fully distinguished name of:
    CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de,dc=bodensee,dc=de
    Either specify your ldap url as
    String ldapURL = "ldaps://rhein:636";
    and leave your username as is, or specify the user object relative to the base distinguished name in the ldap url
    String userName = "CN=verena bit,OU=Lehrer,OU=ASR";
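    The DN composition this reply describes can be checked before any bind with JNDI's own LdapName class; the same rule accounts for the opening post, where the directory URL already ends in /o=aaa and base-dn repeats o=aaa. This is an added example, not code from either poster: the URL and DN values come from the posts above, and the class and helper names (EffectiveDnCheck, urlBaseDn, effectiveDn, suffixDoubled) are mine.

```java
import java.net.URI;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class EffectiveDnCheck {

    /** Base DN carried in the path of an LDAP URL (RFC 4516 form), or "" when the URL has none. */
    static String urlBaseDn(String ldapUrl) {
        String path = URI.create(ldapUrl).getPath();   // "/o=aaa", "" or null
        if (path == null || path.length() <= 1) {
            return "";
        }
        return path.substring(1);
    }

    /**
     * The DN the LDAP provider actually sends: the name handed to the context is appended to the
     * URL's base DN. In LdapName index 0 is the root-most RDN, so addAll() of the relative name
     * makes it the more specific, left-hand part of the result.
     */
    static String effectiveDn(String ldapUrl, String nameGivenToContext) throws InvalidNameException {
        LdapName dn = new LdapName(urlBaseDn(ldapUrl));
        dn.addAll(new LdapName(nameGivenToContext));
        return dn.toString();
    }

    /**
     * True when the name already ends in the URL's base DN, i.e. the suffix would be sent twice and
     * the server would answer error 32 (No Such Object) for the doubled DN. The comparison is done
     * on parsed RDNs, so attribute-type case and spacing after commas do not matter.
     */
    static boolean suffixDoubled(String ldapUrl, String nameGivenToContext) throws InvalidNameException {
        String base = urlBaseDn(ldapUrl);
        if (base.isEmpty()) {
            return false;
        }
        return new LdapName(nameGivenToContext).startsWith(new LdapName(base));
    }

    public static void main(String[] args) throws InvalidNameException {
        // Opening post: directory URL with /o=aaa and an absolute base-dn.
        String url = "ldap://123.123.123.123:389/o=aaa";
        String baseDn = "ou=ddd,o=ccc,o=bbb,o=aaa";
        System.out.println(effectiveDn(url, baseDn));     // ou=ddd,o=ccc,o=bbb,o=aaa,o=aaa
        System.out.println(suffixDoubled(url, baseDn));   // true

        // Fix 1 from the reply: drop the base DN from the URL and keep the absolute name.
        System.out.println(effectiveDn("ldap://123.123.123.123:389", baseDn));   // ou=ddd,o=ccc,o=bbb,o=aaa
        // Fix 2: keep the URL and give the name relative to its base DN.
        System.out.println(effectiveDn(url, "ou=ddd,o=ccc,o=bbb"));              // ou=ddd,o=ccc,o=bbb,o=aaa

        // The reply's own case: the DC suffix is repeated, so the check flags it.
        System.out.println(suffixDoubled("ldaps://rhein:636/dc=bodensee,dc=de",
                "CN=verena bit,OU=Lehrer,OU=ASR,DC=bodensee,DC=de"));            // true
    }
}
```

    urlBaseDn relies on java.net.URI, so a URL whose base DN contains unescaped spaces must be percent-encoded first.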

  • OID - OperationalNotSupportedException: [LDAP: error code 53 - Server ... ]

    Hi,
    I'm using JNDI (Java Native Directory Interface) accessing OID, and I received a javax.naming.OperationalNotSupportedException: [LDAP: error code 53 - Server currently in read only mode.  Update operations not allowed];
    I am not sure what's wrong.
    I tried the following command
    "./ldapsearch -b "" -s base "objectclass=*" orclservermode" The returned result is "orclservermode=rw"
    So it is in read-write mode. I'm not sure what's wrong.
    This started happening after I applied the 10.1.4.2.0 patch.

    Unfortunately I am not an OID expert so I can't really comment on the OID server part of the problem.
    What I actually have plenty of experience of is the JNDI package, and there have been a number of times when the error messages produced by JNDI have been cryptic or simply wrong. I would recommend sniffing the LDAP connection and checking what error messages are actually created by the OID server.
    Good luck!
    /M

  • LDAP: error code 1 - Invalid query reference]; remaining name '

    I have the following function for a paged search operation.
    Data retrieved by this function is used somewhere else to modify the Ldap Directory context.
    Despite setting ctx and the search control to "no timeout", I keep getting the exception for operations lasting more than 5 minutes (consistently) and for some short operations (sporadically):
    Paged Search failed : javax.naming.NamingException: [LDAP: error code 1 - Invalid query reference]; remaining name '<directory>'
    I am using DirX as LDAP directory.
    Is this a time-out related exception which can be fixed in the code?
    How can it be fixed?
    There's no clue all over the web about this.
    Thanks.
    /**
     * Returns the next page of the search results.
     * The returned result from this method can not exceed page size
     * set in the constructor.
     * @return the next page, or null when the search is finished or failed
     */
    public NamingEnumeration nextPage() {
        // 1. step: set PagedResultsControl
        NamingEnumeration results = null;
        Control[] controls = null;
        try {
            if (isSearchStarted == false) {
                isSearchStarted = true;
                if (sortingAttributes == null)
                    controls = new Control[] { new PagedResultsControl(pageSize) };
                else
                    controls = new Control[] { new SortControl(sortingAttributes, Control.NONCRITICAL), new PagedResultsControl(pageSize) };
            } else { // examine the response controls
                cookie = parseControls(ctx.getResponseControls());
                if (cookie != null && cookie.length != 0) {
                    // pass the cookie back to the server for the next page
                    if (sortingAttributes == null)
                        controls = new Control[] { new PagedResultsControl(pageSize, cookie, Control.CRITICAL) };
                    else
                        controls = new Control[] { new SortControl(sortingAttributes, Control.NONCRITICAL), new PagedResultsControl(pageSize, cookie, Control.CRITICAL) };
                } else {
                    // search is finished
                    return null;
                }
            }
            ctx.setRequestControls(controls);
            //ctx.getEnvironment().values();
            //ctx.getEnvironment().put("com.sun.jndi.ldap.connect.timeout", "5000", 300000);
            ctx.addToEnvironment("com.sun.jndi.ldap.connect.timeout", "0");
            //ctx.getEnvironment().values();
        } catch (NamingException e) {
            Tracer.getInstance().error("Paged Search failed while setting response controls: " + e);
            return null;
        } catch (Exception e) {
            Tracer.getInstance().error("Paged Search failed while setting response controls: " + e);
            return null;
        }
        // 2. step: do search
        for (int i = 0; i < 10; i++) {
            boolean reconnect = false;
            try {
                results = ctx.search(searchBase, searchFilter, searchCtls);
                Thread.sleep(300000);
                //ctx.get
                //Thread.sleep(300000);
                break;
            } catch (NamingException e) {
                Tracer.getInstance().error("Paged Search failed : " + e);
                reconnect = true;
            } catch (Exception e) {
                reconnect = true;
                Tracer.getInstance().error("Paged Search failed : " + e);
            }
            if (reconnect) {
                try {
                    this.ctx = LDAPServer.getInstance().getDirContext();
                    ctx = ctx.newInstance(controls);
                    //ctx.getEnvironment().values();
                } catch (NamingException e1) {
                    Tracer.getInstance().error("Could not reconnect the ldapcontext");
                }
            }
        }
        return results;
    }

    It turned out to be a DirX "root DSE" entry "PAGP" that is disposing of my paged results if a timeout occurs (300 seconds by default).
    So I have to modify this entry during runtime, which unfortunately can only be accessed by dirxadm.exe.
    Is it possible to modify this attribute by an ldap context method?

  • Javax.naming.OperationNotSupportedException:[LDAP: error code 12-00000057

    Hi All,
    I am getting the below OperationNotSupportedException while searching the LDAP container
    "ou=Subscriptions,ou=BMCMarimba,DC=marimba,DC=bmc-dns,DC=com".
    In our application, during the initial search I am able to search the above container and get the results. But during the subsequent search I get the below mentioned error.
    javax.naming.OperationNotSupportedException: [LDAP: error code 12 - 00000057: LdapErr: DSID-0C09068F, comment: Error processing control, data 0, vece]; remaining name 'ou=Subscriptions,ou=BMCMarimba,DC=marimba,DC=bmc-dns,DC=com'
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3048)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
         at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1811)
         at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1734)
         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:328)
         at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:245)
         at com.marimba.tools.ldap.physical.LDAPConnectionImpl.getResult(LDAPConnectionImpl.java:901)
         at com.marimba.tools.ldap.physical.LDAPConnectionPoolImpl.searchWithConnection(LDAPConnectionPoolImpl.java:1369)
         at com.marimba.tools.ldap.physical.LDAPPagedSearchPR.getPage(LDAPPagedSearchPR.java:402)
         at com.marimba.tools.ldap.physical.LDAPPagedSearchPR.getPage(LDAPPagedSearchPR.java:238)
         at com.marimba.tools.ldapsync.util.PageResultEnumeration.getNextPage(PageResultEnumeration.java:159)
         at com.marimba.tools.ldapsync.policy.core.PolicySync.processNewPolicies(PolicySync.java:351)
         at com.marimba.tools.ldapsync.policy.core.PolicySync.syncPolicies(PolicySync.java:164)
         at com.marimba.tools.ldapsync.core.TargetSync.syncTargets(TargetSync.java:163)
         at com.marimba.tools.ldapsync.core.LDAPDBSync.run(LDAPDBSync.java:617)
         at java.lang.Thread.run(Thread.java:534)
    Any idea why this exception is coming only in the subsequent search?
    Any help would be greatly appreciated.
    Thanks
    Vallinayagam

    This question was raised long back and no suitable answers were provided. I want to share my solution, which worked for this problem, with all the developers hitting their heads on their PC :-)
    You must use a single LDAP connection to retrieve all the results.
    For example:
    If your query returns around 10000 results, the best way to get the results is using paging. Let us assume you set the page size to 500. Once you retrieve the first 500 results, the LDAP connection will give you a cookie which stores the information on the last page. We need to keep the cookie for future use, i.e., for retrieving the next page (next 500 results). If the connection used to get the next page is new/different (can be a new instance or retrieved from a pool) you will get "javax.naming.OperationNotSupportedException:[LDAP: error code 12-00000057".
    So, to avoid this you need to use the same LDAP connection (context) till you retrieve all the results.
    Regards,
    Nageswara Rao.V
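    The single-connection rule this reply states, and which the DirX nextPage() code above breaks when it reconnects and re-issues the search between pages, in working JNDI code. This is an added example, not code from either thread; the class name SingleConnectionPagedSearch and the helper searchAllPages are mine, and the server URL, bind DN, password and search base in main() are placeholders.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;

public class SingleConnectionPagedSearch {

    /**
     * Walks every page of a search over the one LdapContext it is given. The cookie in each
     * PagedResultsResponseControl is only meaningful to the connection that issued it (this is
     * what the reply above explains), so the same ctx is reused until the server returns an
     * empty cookie.
     */
    static List<String> searchAllPages(LdapContext ctx, String base, String filter, int pageSize)
            throws NamingException, IOException {
        List<String> dns = new ArrayList<String>();
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]);   // entry names only, no attributes

        byte[] cookie = null;
        int page = 0;
        do {
            // First request: no cookie. Later requests: the cookie from the previous page.
            ctx.setRequestControls(new Control[] {
                new PagedResultsControl(pageSize, cookie, Control.CRITICAL) });

            NamingEnumeration<SearchResult> results = ctx.search(base, filter, sc);
            int inPage = 0;
            while (results.hasMore()) {
                dns.add(results.next().getNameInNamespace());
                inPage++;
            }
            results.close();
            page++;

            // Pull the cookie for the next page from the response controls of this same context.
            cookie = null;
            Control[] responses = ctx.getResponseControls();
            if (responses != null) {
                for (Control c : responses) {
                    if (c instanceof PagedResultsResponseControl) {
                        cookie = ((PagedResultsResponseControl) c).getCookie();
                    }
                }
            }
            System.out.println("page " + page + ": " + inPage + " entries");
        } while (cookie != null && cookie.length > 0);

        ctx.setRequestControls(null);   // drop the paging control before the context is reused
        return dns;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder connection settings; replace with your own server and a read-only account.
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.example.test:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=reader,dc=example,dc=test");
        env.put(Context.SECURITY_CREDENTIALS, "CHANGE-ME");

        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            List<String> dns = searchAllPages(ctx, "dc=example,dc=test", "(objectClass=person)", 500);
            System.out.println(dns.size() + " entries in total");
        } finally {
            ctx.close();   // only after the last page: closing earlier invalidates the cookie
        }
    }
}
```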

  • Cannot Modify Identity Management Realm : [LDAP: error code 20 - Attribute

    Hi ,
    I am new to OID and now I am trying to create a new Identity Management Realm. I followed the steps at the following URL:
    http://www.oracle.com/technology/obe/obe_as_10g/im/realm_mng/realm.htm
    In step 12 it shows the following error:
    Cannot Modify Identity Management Realm : [LDAP: error code 20 - Attribute
    Anyone please help me
    Thanks & Regards,
    Manoj

    I was making a terrible mistake. Instead of using createSubcontext, I was using modifyAttributes to create a user. The problem is resolved now. Here is the latest code:
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.directory.Attribute;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.BasicAttribute;
    import javax.naming.directory.BasicAttributes;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    try {
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=" + "Directory Manager");
        env.put(Context.SECURITY_CREDENTIALS, "password");
        env.put(Context.PROVIDER_URL, "ldap://localhost:389/dc=mytest,dc=com");
        DirContext ctx = new InitialDirContext(env);
        // Create attributes to be associated with the new context
        Attributes attrs = new BasicAttributes(true); // case-ignore
        Attribute sn = new BasicAttribute("sn");
        sn.add("NewUser");
        Attribute cn = new BasicAttribute("cn");
        cn.add("NewUser");
        Attribute objclass = new BasicAttribute("objectclass");
        objclass.add("top");
        objclass.add("inetOrgPerson");
        attrs.put(objclass);
        attrs.put(sn);
        attrs.put(cn);
        // Create the context; the name is relative to the base DN given in the provider URL
        Context result = ctx.createSubcontext("cn=NewUser", attrs);
        ctx.close();
    } catch (Exception e) {
        System.out.println("e is " + e);
    }

  • Error while create user in LDAP - LDAP: error code 1

    Hi Guys, I am getting the below error while creating a user in LDAP (MS AD).
    cn=3001,ou=sAP_IDM,dc=springswf,dc=com: putNextEntry failed storing OU=SAP_IDM,DC=springswf,DC=com
    Exception from Add operation: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-OC090AE2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]
    Steps I am following:
    1. create a job through wizard and pick from (IC->jobs->Active Directory->Create Active Directory User)
    2. Destination tab values that I am passing:
    dn: cn=Dummyuser,ou=SAP_IDM,dc=<main domain>,dc=com
    objectClass: top|person|organizationalPerson|user
    sn: Surname
    givenName: GivenName
    displayName: Dummy user displayname
    Under <main domain> an OU has been created called SAP_IDM for testing user creation from IDM.
    Admin user account created called <XYZ> and has full control over SAP_IDM OU.
    I am passing <XYZ> credentials into my job for user creation.
    Thanks for your help!

    Farhan,
    Based on the error message presented,
    In order to perform this operation a successful bind must be completed on the connection
    Make sure that you're using the correct information to do the AD Bind.  User name should be something like cn=administrator,cn=users,dc=xxx,dc=xxx and the proper password.
    Matt

  • Hitting error LDAP: error code 20 - mail attribute has duplicate value.

    Hi ,
    Has anyone faced this issue before: LDAP: error code 20 - mail attribute has duplicate value? We are getting this error intermittently in the OID logs,
    and due to that provisioning is stuck. I know that the issue is due to the object class mismatch in attributes. But the map profile looks fine. Anything else I need to check?
    SSO version 10.4.1.3 and DB version 10g.
    javax.naming.directory.AttributeInUseException: [LDAP: error code 20 - mail attribute has duplicate value.]; remaining name 'uid=abc,cn=users,dc=xyz ,dc=com'
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2972)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
            at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1440)
            at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
            at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:146)
            at oracle.ldap.odip.gsi.LDAPWriter.modify(LDAPWriter.java:479)
            at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:318)
            at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:656)
            at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
            at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
    DIP_LDAPWRITER_ERROR_MODIFY
    Error in executing mapping DIP_LDAPWRITER_ERROR_MODIFY
    DIP_LDAPWRITER_ERROR_MODIFY
            at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:830)
            at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
            at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
    DIP_LDAPWRITER_ERROR_MODIFY
    Setting Change Success Count : 27682
    Setting Change Failure Count : 11004
    CDSImportProfile:Error in Mapping EngineDIP_LDAPWRITER_ERROR_MODIFY
    DIP_LDAPWRITER_ERROR_MODIFY
            at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:851)
            at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
            at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
    CDSImportProfile:about to Update exec status

    Did you search the LDAP server to see whether the email value you try to use already exists? Typically LDAP servers do not care whether email is duplicated or not, but by default the OIM server does not allow a duplicated email.

  • Error : LDAP Error code 32 - in shared services export operation

    Hi everyone !
    I'm using MS Active Directory in my Shared Services for external authentication.
    While exporting provisioning for all users against project:applications, it is not working.
    Trace error is :
    2010-05-26 16:43:58,988 Export : Root cause : [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
         'OU=NJ - Users,OU=CLI - NJ,DC=cli,DC=ad'
    suggestions are highly appreciated
    Thank you
    Edited by: user11966901 on May 27, 2010 2:43 AM

    Below is the solution we got when we had kind of same issue:
    Steps To Reproduce:
    Install the OIM AD base connector version 9.1.0
    Upgrade the Connector to OIM 9.1.0.1 version using Patch 7553764
    Provision a user from OIM to AD.
    Cause
    The OIM 9.1.0.1 patch contains a fix that can handle special characters in the process form. But if there is a special character like a hyphen (-) in the Root Context value (for example: 'OU=X-Test OU,DC=mydomain,DC=com') in the IT Resource, it causes provisioning to fail.
    Solution
    In this case the user is being provisioned to an Organization called 'X-Test OU' under the mydomain.com domain in AD. There is a Lookup called 'Lookup.ADReconciliation.Organization' which is populated using the Schedule task called "AD Organization Lookup Recon". This lookup is also used in the AD User
    Process Form for populating the Organization Field.
    -- To implement the solution, please execute the following steps:
    Edit the Root Context value in the IT Resource to point above the OU=X-Test OU organization, so it looks like dc=mydomain,dc=com.
    Run the Schedule task called "AD Organization Lookup Recon", providing the dc=mydomain,dc=com value to the Search Base parameter in the schedule task. This recon will populate 'Lookup.ADReconciliation.Organization'.
    Now provision a user to the AD resource and in the process form select OU=X-Test OU as the Organization.
    This way the user gets successfully provisioned and gets created under the 'OU=X-Test OU,DC=mydomain,DC=com'
    Cheers....!!!

  • LDAP: error code 65

    I am trying to connect to the LDAP using JNDI
    and I am getting the following error, which I was unable to solve.
    Here I am posting my sample slapd.conf file as well as my source program and the error.
    import java.util.Properties;
    import javax.naming.Context;
    import javax.naming.NameAlreadyBoundException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    public class MakeRoot {
        final static String ldapServerName = "localhost";
        final static String rootdn = "cn=Manager, o=jndiTest";
        final static String rootpass = "secret";
        final static String subContext = "o=jndiTest";

        public static void main(String[] args) {
            // set up environment to access the server
            Properties env = new Properties();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://" + ldapServerName + "/");
            env.put(Context.SECURITY_PRINCIPAL, rootdn);
            env.put(Context.SECURITY_CREDENTIALS, rootpass);
            try {
                // obtain initial directory context using the environment
                DirContext ctx = new InitialDirContext(env);
                // now, create the root context, which is just a subcontext
                // of this initial directory context.
                // No attributes are passed here; the error below shows the provider then
                // chose objectClass javaContainer for the entry, which requires a cn.
                ctx.createSubcontext(subContext);
                ctx.close();
            } catch (NameAlreadyBoundException nabe) {
                System.err.println(subContext + " has already been bound!");
            } catch (Exception e) {
                System.err.println(e);
            }
        }
    }
    slapd.conf
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    ucdata-path     ./ucdata
    include          ./schema/core.schema
    include          ./schema/cosine.schema
    include          ./schema/inetorgperson.schema
    include          ./schema/java.schema
    # Define global ACLs to disable default read access.
    # Do not enable referrals until AFTER you have a working directory
    # service AND an understanding of referrals.
    #referral     ldap:/root.openldap.org
    pidfile          ./run/slapd.pid
    argsfile     ./run/slapd.args
    # Load dynamic backend modules:
    # modulepath     ./libexec/openldap
    # moduleload     back_bdb.la
    # moduleload     back_ldap.la
    # moduleload     back_ldbm.la
    # moduleload     back_passwd.la
    # moduleload     back_shell.la
    # Sample security restrictions
    #     Require integrity protection (prevent hijacking)
    #     Require 112-bit (3DES or better) encryption for updates
    #     Require 63-bit encryption for simple bind
    # security ssf=1 update_ssf=112 simple_bind=64
    # Sample access control policy:
    #     Root DSE: allow anyone to read it
    #     Subschema (sub)entry DSE: allow anyone to read it
    #     Other DSEs:
    #          Allow self write access
    #          Allow authenticated users read access
    #          Allow anonymous users to authenticate
    #     Directives needed to implement policy:
    # access to dn.base="" by * read
    # access to dn.base="cn=Subschema" by * read
    # access to *
    #     by self write
    #     by users read
    #     by anonymous auth
    # if no access controls are present, the default policy
    # allows anyone and everyone to read anything but restricts
    # updates to rootdn. (e.g., "access to * by * read")
    # rootdn can always read and write EVERYTHING!
    # BDB database definitions
    #database     bdb
    #suffix          "o=jndiTest"
    #rootdn          "cn=Manager,o=jndiTest"
    # Cleartext passwords, especially for the rootdn, should
    # be avoid. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    #rootpw          secret
    # The database directory MUST exist prior to running slapd AND
    # should only be accessible by the slapd and slap tools.
    # Mode 700 recommended.
    #directory     ./data
    # Indices to maintain
    #index     objectClass     eq
    database bdb
    #suffix "dc=stooges,dc=org"
    suffix "o=jndiTest"
    rootdn "cn=Manager,o=jndiTest"
    rootpw secret
    directory ./data
    defaultaccess read
    schemacheck off
    lastmod on
    error:
    javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - object class 'javaContainer' requires attribute 'cn']; remaining name 'o=jndiTest'

    I have updated the LDAP java.schema with the entries below, and it is working fine:
    objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
         NAME 'javaContainer'
         DESC 'Container for a Java object'
         SUP top
         STRUCTURAL
         MAY ( o $ cn))

  • Javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21

    I have collected the following code from "http://www.concentric.net/~adhawan/tutorial/"
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;
    import javax.naming.NameAlreadyBoundException;
    import javax.naming.directory.*;
    import java.util.*;
    public class MakeRoot {
        final static String ldapServerName = "localhost";
        final static String rootdn = "cn=Manager, o=jndiTest";
        final static String rootpass = "secret";
        final static String rootContext = "o=jndiTest";
        public static void main( String[] args ) {
            // set up environment to access the server
            Properties env = new Properties();
            env.put( Context.INITIAL_CONTEXT_FACTORY,
                     "com.sun.jndi.ldap.LdapCtxFactory" );
            env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" );
            env.put( Context.SECURITY_PRINCIPAL, rootdn );
            env.put( Context.SECURITY_CREDENTIALS, rootpass );
            try {
                // obtain initial directory context using the environment
                DirContext ctx = new InitialDirContext( env );
                // now, create the root context, which is just a subcontext
                // of this initial directory context.
                ctx.createSubcontext( rootContext );
            } catch ( NameAlreadyBoundException nabe ) {
                System.err.println( rootContext + " has already been bound!" );
            } catch ( Exception e ) {
                System.err.println( e );
            }
        }
    }
    I am using the LDAP server from here:
    http://download.bergmans.us/openldap/openldap-2.2.29/openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe
    My slapd.conf is:
    database     bdb
    suffix          "dc=jndiTest"
    rootdn          "cn=Manager,dc=jndiTest"
    # Cleartext passwords, especially for the rootdn, should
    # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    rootpw          secret
    # The database directory MUST exist prior to running slapd AND
    # should only be accessible by the slapd and slap tools.
    # Mode 700 recommended.
    directory     ./data
    # Indices to maintain
    index     objectClass     eq
    While running this code:
    ldap://localhost:389/
    javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - objectClass: value #0 invalid per syntax]; remaining name 'dc=jndiTest'
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
            at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
            at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
            at com.sun.jndi.toolkit.ctx.ComponentContext.p_createSubcontext(Unknown Source)
            at com.sun.jndi.toolkit.ctx.PartialCompositeContext.createSubcontext(Unknown Source)
            at com.sun.jndi.toolkit.ctx.PartialCompositeContext.createSubcontext(Unknown Source)
            at javax.naming.InitialContext.createSubcontext(Unknown Source)
            at MakeRoot.main(MakeRoot.java:35)
    It's obviously connecting with the given credentials and provider URL. But then why is it not working?
    Any help would highly appreciated. Thanks in advance.

    That is right, I agree. And I guess that happened because I was trying to do different permutations and combinations with the naming scheme and I forgot to update slapd.conf. And even after I made that change it was showing the same error. The poster forgot to mention to include java.schema. That change made it work finally.
    Thanks for your reply.
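Both threads above share one cause: createSubcontext(name) with no attributes makes the Sun LDAP provider add the entry with objectClass javaContainer, which the server only knows once java.schema is included (the error 21 above) and which requires a cn attribute (the error 65 above). Supplying the suffix entry's own attributes avoids both without relaxing the schema. This is an added example, not the tutorial's or either poster's code; the URL and credentials are assumed to match the slapd.conf files above.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class MakeRootExplicit {
    // Assumed values: use the rootdn/rootpw from your own slapd.conf.
    static final String URL = "ldap://localhost:389/";
    static final String ROOT_DN = "cn=Manager,o=jndiTest";
    static final String ROOT_PW = "secret";

    /** Attributes for an "o=" suffix entry; core.schema only, no java.schema needed. */
    static Attributes organizationEntry(String orgName) {
        Attributes attrs = new BasicAttributes(true);   // ignore attribute-name case
        BasicAttribute oc = new BasicAttribute("objectClass");
        oc.add("top");
        oc.add("organization");                          // MUST o
        attrs.put(oc);
        attrs.put("o", orgName);                         // must equal the RDN value
        return attrs;
    }

    /** Attributes for a "dc=" suffix entry: dcObject (MUST dc) plus organization (MUST o). */
    static Attributes domainEntry(String dc, String orgName) {
        Attributes attrs = new BasicAttributes(true);
        BasicAttribute oc = new BasicAttribute("objectClass");
        oc.add("top");
        oc.add("dcObject");
        oc.add("organization");
        attrs.put(oc);
        attrs.put("dc", dc);
        attrs.put("o", orgName);
        return attrs;
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, ROOT_DN);
        env.put(Context.SECURITY_CREDENTIALS, ROOT_PW);
        DirContext ctx = new InitialDirContext(env);
        try {
            // Passing attributes stops the provider from defaulting to javaContainer.
            ctx.createSubcontext("o=jndiTest", organizationEntry("jndiTest"));
        } catch (NameAlreadyBoundException e) {
            System.err.println("o=jndiTest has already been bound");
        } finally {
            ctx.close();
        }
    }
}
```

For the second thread's "dc=jndiTest" suffix, call ctx.createSubcontext("dc=jndiTest", domainEntry("jndiTest", "jndiTest")) instead.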

  • Javax.naming.NameAlreadyBoundException [LDAP: error code 68

    I am getting the below error when I am trying to add the entry into the LDAP server.
    javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry Already Exists]; remaining name 'ou=People,dc=company,dc=co,dc=in'
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
         at com.sun.jndi.ldap.LdapCtx.c_bind(Unknown Source)
         at com.sun.jndi.ldap.LdapCtx.c_bind(Unknown Source)
         at com.sun.jndi.toolkit.ctx.ComponentContext.p_bind(Unknown Source)
         at com.sun.jndi.toolkit.ctx.PartialCompositeContext.bind(Unknown Source)
         at com.sun.jndi.toolkit.ctx.PartialCompositeContext.bind(Unknown Source)
         at javax.naming.InitialContext.bind(Unknown Source)
         at com.test.CreateUser.main(CreateUser.java:54)
    I am using the following sample program to test this.
    import javax.naming.directory.*;
    public class CreateUser {
        public static void main(String[] args) {
            java.util.Hashtable env = new java.util.Hashtable();
            env.put( javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
            env.put( javax.naming.Context.PROVIDER_URL, "ldap://c-4966:62260");
            env.put( javax.naming.Context.SECURITY_AUTHENTICATION, "simple");
            env.put( javax.naming.Context.SECURITY_PRINCIPAL, "cn=Directory Manager");
            env.put( javax.naming.Context.SECURITY_CREDENTIALS, "test");
            String dn = "ou=People,dc=company,dc=co,dc=in";
            try {
                // create DirContext
                DirContext ctx = new InitialDirContext(env);
                // Attributes for new entry
                Attributes attrs = new BasicAttributes();
                Attribute attr = new BasicAttribute("objectclass");
                attr.add( 0, "top" );
                attr.add( 1, "person" );
                attr.add( 2, "organizationalPerson" );
                attr.add( 3, "inetorgperson" );
                attrs.put(attr);
                System.out.println("1...........");
                attrs.put("cn", "Sai Krishna");
                attrs.put("sn", "Potluri");
                attrs.put("givenName","Sia Potluri");
                attrs.put("uid","saipotluri");
                attrs.put("userPassword", "balaji");
                /*attr = new javax.naming.directory.BasicAttribute("mail");
                attr.add( 0, "[email protected]" );
                attr.add( 1, "[email protected]" );
                attrs.put( attr );
                attrs.put( "telephonenumber", "111-1111-3333" );*/
                System.out.println("2...........");
                ctx.bind(dn, attrs);
            } catch ( javax.naming.NamingException ex ) {
                System.err.println("Fail to Add Entry\n");
                ex.printStackTrace();
            }
        }
    }
    Any help is highly appreciated.
    Thanks in Advance
    DARMA

    You're adding the entry "ou=people,dc=company,dc=co,dc=in" and not an entry under "ou=people,dc=company,dc=co,dc=in".
    The dn of the new entry should be something like "cn=Sai Krishna,ou=people,dc=company,dc=co,dc=in" when you call ctx.bind(dn,...)
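The corrected call, as an added example rather than the poster's code: the new entry gets its own RDN under the existing ou, the RDN value is escaped so a name containing "," or "+" cannot change which parent it lands under, and error 68 is caught as the distinct "already exists" case. Host, port and credentials are the ones from the post and are assumed.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class CreateUserUnderOu {
    static final String PEOPLE_OU = "ou=People,dc=company,dc=co,dc=in";

    /** DN of the new entry as a child of the ou, with the RDN value escaped. */
    static String userDn(String cn) {
        // Rdn.escapeValue escapes ',', '+', '"', '\\', '<', '>', ';', '#' and
        // leading/trailing spaces, so user-supplied names stay inside this ou.
        return "cn=" + Rdn.escapeValue(cn) + "," + PEOPLE_OU;
    }

    static Attributes inetOrgPerson(String cn, String sn, String uid) {
        Attributes attrs = new BasicAttributes(true);
        BasicAttribute oc = new BasicAttribute("objectClass");
        oc.add("top");
        oc.add("person");
        oc.add("organizationalPerson");
        oc.add("inetOrgPerson");
        attrs.put(oc);
        attrs.put("cn", cn);   // the unescaped RDN value
        attrs.put("sn", sn);
        attrs.put("uid", uid);
        return attrs;
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://c-4966:62260");   // from the post
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=Directory Manager");
        env.put(Context.SECURITY_CREDENTIALS, "test");
        DirContext ctx = new InitialDirContext(env);
        try {
            String dn = userDn("Sai Krishna");   // cn=Sai Krishna,ou=People,dc=company,dc=co,dc=in
            // createSubcontext(name, attrs) adds an entry with exactly these attributes.
            ctx.createSubcontext(dn, inetOrgPerson("Sai Krishna", "Potluri", "saipotluri"));
        } catch (NameAlreadyBoundException e) {
            // LDAP error code 68: an entry with this DN already exists
            System.err.println("Entry already exists: " + e.getRemainingName());
        } finally {
            ctx.close();
        }
    }
}
```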

  • DPS7: LDAP error code 52

    Env: DPS7 on RH5. We are running into many types of connection issues; the following 3 are frequent:
    1. LDAP: error code 52 - Unable to read BIND response from server
    2. LDAP: error code 52 - Unable to read SEARCH response from backend server : Connection reset by peer
    3. LDAP: error code 52 - Unable to read SEARCH response from backend server : Timeout when waiting to read from input stream
    I would appreciate someone helping me understand under what circumstances the above errors occur and what needs to be tweaked to limit them.
    Also, is there a way to configure DPS not to use connection pools and instead open fresh connections for each client operation? Why would I do that? I believe DPS needs a lot of timeout and monitoring time tweaking to make sure that the connections in the pool are monitored properly and kept active. Any suggestions here?

    Hi,
    Looks like the connections between DPS and DS are invalid. This gives rise to a great variety of error messages depending on when the error is detected (read, write, timeout, etc.).
    In most cases, this is related to an aggressive idle timeout set on the DS side or a HW LB that impacts DPS connection pooling.
    The dpconf property "monitoring-inactivity-timeout", which defaults to 120s, may be used to keep pooled connections alive.
    Hope this helps
    -Sylvain

  • SGD-AD "LDAP error code 49"

    Dear all,
    I saw the following error in the server-login log file:
    2007/07/24 15:15:03.098 (pid 2698) server/login/moreinfo #1185261303098
    Loaded class com.sco.tta.server.login.LdapLoginAuthority: {
    LDAPRoot=.../_ldapmulti/forest/
    accountEnabledChecked=false
    anonLogin=false
    attemptPasswordChange=true
    generalLdapProfileName=.../_ens/o=Tarantella System Objects/cn=LDAP Profile
    mustChangePasswordResult[0]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 701
    mustChangePasswordResult[1]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 773
    mustChangePasswordResult[2]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 773
    mustChangePasswordResult[3]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 773
    name=com.sco.tta.server.login.LdapLoginAuthority
    propAccEnabled=scottaaccountenabled
    userMustChangePasswordResult=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 773
    userPasswordExpiredResult=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 701
    version=4.31.905
    What should I do in my SGD server?
    What should I do in my AD server?
    What is the solution to resolve the error?
    Appreciate any help given.

    Hi,
    I am also getting the same error. Please let me explain what I have encountered.
    In Active Directory (version 2003), the administrator has limited the user to logging in to only his workstation. This has been set by putting his workstation host name or IP (which the user is allowed to access) into a "log on to" list (at the user level) in Active Directory. There is another option if the administrator allows the user to log on to any workstation, that is by checking the "log on to all computers" check box for that particular user ID.
    When my user has been set to "log on to all computers", I don't encounter the error message, i.e. error code 49, as mentioned in the subject of this topic. However, when a particular user has been limited to accessing only his own workstation, the error appears. However, if the Active Directory server host name or IP has been added into the "log on to" list, the authentication is successful.
    My application is actually running on an application server and the user is using Internet Explorer to log in to my application from his workstation. Also, the application server has been joined to the same domain as the Active Directory server. My question is, is it a must that the Active Directory server name be added to the "log on to" list of that particular user in order for it to be authenticated by Active Directory? Does anyone have any ideas why this is happening? I definitely don't want to add the AD server name into the list as this will give the user rights to log in to the AD server. Any advice would be of great help. Thanks a million in advance.
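Active Directory reports every bind failure as LDAP error 49, and only the "data NNN" subcode in the message says why: 701 and 773 in the log above are "account expired" and "user must reset password", while a workstation logon restriction is reported as 531. This classifier is an added example, not SGD or AD code; the subcode table is Microsoft's documented set and the sample messages are constructed in the shape of the log lines above.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Classifies Active Directory "LDAP: error code 49" bind failures by their data subcode. */
public class AdBindErrorClassifier {
    // The hex "data NNN" field of the AcceptSecurityContext message is group 1.
    private static final Pattern DATA_CODE =
        Pattern.compile("AcceptSecurityContext error, data ([0-9a-fA-F]+)");

    // Subcodes Active Directory returns with error 49 (Microsoft's documented values).
    private static final Map<String, String> SUBCODES = new LinkedHashMap<>();
    static {
        SUBCODES.put("525", "user not found");
        SUBCODES.put("52e", "invalid credentials");
        SUBCODES.put("530", "not permitted to log on at this time");
        SUBCODES.put("531", "not permitted to log on at this workstation");
        SUBCODES.put("532", "password expired");
        SUBCODES.put("533", "account disabled");
        SUBCODES.put("701", "account expired");
        SUBCODES.put("773", "user must reset password");
        SUBCODES.put("775", "account locked out");
    }

    /** Returns the hex subcode, or null when the message is not an AD error-49 bind failure. */
    static String subcode(String message) {
        Matcher m = DATA_CODE.matcher(message);
        return m.find() ? m.group(1).toLowerCase() : null;
    }

    /** Human-readable cause for one exception message. */
    static String classify(String message) {
        String code = subcode(message);
        if (code == null) return "not an Active Directory error 49 message";
        return SUBCODES.getOrDefault(code, "unknown subcode " + code);
    }

    public static void main(String[] args) {
        // Constructed sample messages shaped like the server-login log lines above.
        String[] samples = {
            "LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 701",
            "LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 773",
            "LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 531",
            "LDAP: error code 32 - No Such Object",
        };
        for (String s : samples) {
            System.out.println(subcode(s) + " -> " + classify(s));
        }
    }
}
```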
