10

I'm currently working on a small project with Active Directory and some LDAP stuff... I try to connect to the LDAP server and it always gives me the same error:

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

As far as I know this means that the credentials are wrong, but I'm 100% sure that they're right! Could it be that I forgot a parameter?

Hashtable<String, String> env = new Hashtable<String, String>();

env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://libertycity.ch:389/dc=libertycity,dc=ch");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_CREDENTIALS, password);
env.put(Context.SECURITY_PRINCIPAL, "uid=" + username + ",ou=Users");
env.put("java.naming.ldap.attributes.binary", "objectSID");

DirContext ctx = new InitialDirContext(env);

I think my code looks right, or did I miss something? What could be the problem and how can I find that out?

4

6 Answers

19

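The "data 52e" value given in the error indicates why the bind failed: it is returned when the username is valid but the password/credentials are invalid.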

http://ldapwiki.com/wiki/Common%20Active%20Directory%20Bind%20Errors

answered 2013-05-28T15:35:41.560
11

This problem can also occur if the full domain is not included in the username.

Set the security principal to username@domain.

InitialLdapContext ldapContext = new InitialLdapContext();
ldapContext.addToEnvironment(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
ldapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
ldapContext.addToEnvironment(Context.SECURITY_PRINCIPAL, userId + "@mydomain.com");
ldapContext.addToEnvironment(Context.SECURITY_CREDENTIALS, password);                  
ldapContext.addToEnvironment(Context.PROVIDER_URL, "ldap://" + ldapHost + ":" + ldapPort);
answered 2015-07-29T06:23:17.903
3

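I ran into problems while trying to secure the connection from WildFly to a Microsoft Active Directory server; the main problem was not knowing what the connection string should be.
If you install "Active Directory Explorer" from the Sysinternals tool kit provided by Microsoft and search for the object you want to bind to, a "Path:" setting is displayed. This is the string you need to reference in the argument for the Context.SECURITY_PRINCIPAL value. In my case, the path string had the format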

CN=Fred Blogs,OU=XXX 用户,DC=foo-bar,DC=com,xxx.foo-bar.com:389 [xxx.foo-bar.com]]

The argument needed is

"CN=Fred Blogs,OU=XXX 用户,DC=foo-bar,DC=com"

Note that the spaces are very important.

answered 2017-06-30T09:34:06.750
1

LDAP error code 49 means "invalid credentials", which means the password you sent to the LDAP server is incorrect.

answered 2013-05-28T14:46:59.730
1

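Active Directory: check your domain container.

I got the same error when migrating from eDirectory to Active Directory. The username and password appeared to be correct, but for some reason I still received the "52e" error, which indicates an incorrect password.

I had to add the DC (domain container) to the principal to make it work:

This does not work: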

env.put(Context.SECURITY_PRINCIPAL, "CN="+username+",OU=Users,OU=Org,OU=ETC");

With the DC added (this worked for me):

 env.put(Context.SECURITY_PRINCIPAL, "CN="+username+",OU=Users,OU=Org,OU=ETC,DC=yourorg,DC=com");

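This solved the problem with Active Directory for me.

What really helped me solve this was trying to bind with the Linux ldapbind / ldapsearch commands: https://docs.oracle.com/cd/B10501_01/network.920/a96579/comtools.htm

If you can get it working at the operating-system level with the ldapbind / ldapsearch commands, you will know exactly which parameters to use in your code.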

answered 2016-06-28T18:04:24.130
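
The "data 52e" answer and the answer above about adding the DC components both come down to reading the sub-code and sending a complete principal. The following is an added example, not code from any of the posters: it decodes the sub-code from an error 49 message and builds a full, escaped bind DN with `javax.naming.ldap`. The class name, the method names, the user "Blogs, Fred" and the OU are constructed for illustration, and the sub-code table lists the commonly documented Active Directory values rather than anything stated on this page beyond 52e.

```java
import java.util.*;
import java.util.regex.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class AdBindDiagnostics {
    // Hex sub-codes AD puts after "data " in an error code 49 message.
    private static final Map<String, String> SUB_CODES = Map.of(
        "525", "user not found",
        "52e", "invalid credentials",
        "530", "logon not permitted at this time",
        "531", "logon not permitted from this workstation",
        "532", "password expired",
        "533", "account disabled",
        "701", "account expired",
        "773", "user must reset password",
        "775", "account locked out");
    private static final Pattern DATA =
        Pattern.compile("error code 49\\b.*?\\bdata ([0-9a-fA-F]+)");

    /** Turns the text of a failed bind's exception into a readable cause. */
    static String explain(String message) {
        Matcher m = DATA.matcher(message);
        if (!m.find()) return "not an AD error 49 message";
        String code = m.group(1).toLowerCase(Locale.ROOT);
        return "data " + code + ": " + SUB_CODES.getOrDefault(code, "unknown sub-code");
    }

    /** Builds a complete bind DN; Rdn escapes characters such as ',' in the CN. */
    static String bindDn(String cn, List<String> ous, String dnsDomain)
            throws InvalidNameException {
        List<Rdn> rdns = new ArrayList<>(); // LdapName expects index 0 = rightmost RDN
        String[] labels = dnsDomain.split("\\.");
        for (int i = labels.length - 1; i >= 0; i--) rdns.add(new Rdn("DC", labels[i]));
        for (int i = ous.size() - 1; i >= 0; i--) rdns.add(new Rdn("OU", ous.get(i)));
        rdns.add(new Rdn("CN", cn));
        return new LdapName(rdns).toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Error text as posted in the question.
        String err = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
            + "comment: AcceptSecurityContext error, data 52e, v1db1";
        System.out.println(explain(err));
        // Constructed user and OU; the domain is the one from the question.
        System.out.println(bindDn("Blogs, Fred", List.of("Users"), "libertycity.ch"));
    }
}
```

Building the DN from `Rdn` objects instead of string concatenation keeps a comma or other special character in the user-supplied name from changing the structure of the principal.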
0

DirContext ldapContext;

    Hashtable<String, String> ldapEnv = new Hashtable<String, String>(11);
      ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
      //ldapEnv.put(Context.PROVIDER_URL,  "ldap://societe.fr:389");
      ldapEnv.put(Context.PROVIDER_URL,  "ldap://10.112.115.14:389");
      ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
      ldapEnv.put(Context.SECURITY_PRINCIPAL, "vmware-china@viewconnection.com");
      ldapEnv.put(Context.SECURITY_CREDENTIALS, "ca$hc0w");
      //ldapEnv.put(Context.SECURITY_PROTOCOL, "ssl");
      //ldapEnv.put(Context.SECURITY_PROTOCOL, "simple");
      ldapContext = new InitialDirContext(ldapEnv);

      System.out.println(ldapContext);

      // Create the search controls         
      SearchControls searchCtls = new SearchControls();

      //Specify the attributes to return
      String returnedAtts[]={"sn","givenName", "samAccountName", "mail"};
      searchCtls.setReturningAttributes(returnedAtts);

      //Specify the search scope
      searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

      //specify the LDAP search filter
      String searchFilter = "(&(objectClass=user)(mail=*))";

      //Specify the Base for the search
      String searchBase = "DC=VIEWCONNECTION, DC=COM";
      //initialize counter to total the results
      int totalResults = 0;

   // Search for objects using the filter
      NamingEnumeration<SearchResult> answer = ldapContext.search(searchBase, searchFilter, searchCtls);

    //Loop through the search results
      while (answer.hasMoreElements())
      {
        SearchResult sr = (SearchResult)answer.next();

        totalResults++;

        System.out.println(">>>" + sr.getName());
        Attributes attrs = sr.getAttributes();
        System.out.println(">>>>>>" + attrs.get("samAccountName"));
      }

      System.out.println("Total results: " + totalResults);
      ldapContext.close();
answered 2016-08-04T00:40:57.817