LDAP binding problem

[iamcallaghan]

Hi all,

Unfortunately my knowledge of Apache Tomcat and Java is limited at best, so I do apologise if my use of relevant language doesn't quite hit the spot!

We have a web application running on Apache Tomcat that needs an LDAP binding to our Active Directory to be able to look up users for authentication purposes, but it isn't returning any results when I search.

I have found some relevant logs which tell me the error when running the lookup:

LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 533, vece

Now Google tells me that this indicates that the user we're binding with is disabled, however I have used three different accounts that are all live and well and am getting the same problem.

I can supply more details of the troubleshooting steps I've followed but I didn't want to lead with a monster post...

Any ideas?

 

[Diancecht]

I think we will need more detailed information. Meanwhile, you can take a look at this.

Another idea will be try the code as a standalone Java program to isolate LDAP problems from Tomcat problems.

Cheers,
Dian

 

[iamcallaghan]

Hi Dian,

Thanks for the reply. I had tried binding with the sAMAccountName attribute plus the domain name but with the same error.

What further information would you like in particular?

I don't believe it to be an LDAP problem; we have quite a few applications here on the same domain that are performing LDAP lookups with no problems at all. Interestingly, there is a 'Test LDAP' button within the settings that works just fine - although what parameters it uses I have no idea!

 

[Diancecht]

Where is that test button?

Cheers,
Dian

 

[iamcallaghan]

There is a .jar file that launches a configuration tool, from which LDAP settings are modified. The LDAP test is there.