java ldapbinderror: user authentication fails with ldapbinderror: error code 49 - 80090308

db:: 5.22::LDAP authentication error: LDAP: error code 49 - : LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece 8m
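LDAP error codes and solutions
Friday 15:26
Problem: a data backend exception occurs when creating a new user
In WebSphere Portal Express you can set the minimum and maximum password length. If the password length you set differs from the LDAP server's policy, you may see the following exception when creating a user: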
EJPSG0015E: Data Backend Problem com.ibm.websphere.wmm.exception.WMMSystemException:
The following Naming Exception occurred during processing:
"javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D:
SvcErr: DSID-031A0FBC, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=see1anna,cn=users,dc=wps510,dc=rtp,dc=raleigh,dc=ibm,dc=com';
resolved object com.sun.jndi.ldap.LdapCtx@".
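Cause: this is caused by "the password does not meet the password policy requirements".
Solution:
1. Open Domain Security Policy > Security Settings > Account Policies > Password Policy > "Password must meet complexity requirements" and set this policy to Disabled. / "Minimum password length": set this policy to 0.
2. Open Domain Controller Security Policy > Security Settings > Account Policies > Password Policy > "Password must meet complexity requirements" and set this policy to Disabled. / "Minimum password length": set this policy to 0.
3. Finally, run the command that refreshes Group Policy: gpupdate /force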
===========================================================================
2. Need to specify class name
===========================================================================
javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file: java.naming.factory.initial
Cause: the LdapContext was close()d after the previous step finished, LdapContext=
Solution: do not
3. error code 50
===========================================================================
javax.naming.NoPermissionException: [LDAP: error code 50 - : SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
4. error code 68
===========================================================================
javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - : UpdErr: DSID-031A0F4F, problem 6005 (ENTRY_EXISTS), data 0
Cause: the user being created already exists.
7. No trusted certificate
===========================================================================
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
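1. CAS runs on machine A; services a, b and c on A run fine.
2. The website is on machine B; CAS can intercept the request, but the redirect fails with javax.net.ssl.SSLHandshakeException.
Import the client key generated on A into B: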
sudo keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3600
$ keytool -export -trustcacerts -alias tomcat -file server.cer -keystore server.keystore -storepass changeit
$ sudo keytool -import -trustcacerts -alias tomcat -file server.cer -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
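On B, only the last command needs to be run.
Establishing the trust relationship: client key, server key, clients in several places.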
8. error code 1
===========================================================================
javax.naming.NamingException: [LDAP: error code 1 - : LdapErr: DSID-0C090AE2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
Cause: when adding a domain user, ctx was not bound as an administrator user.
Solution: ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, adminUser + "@" + ldapProperty.getDomain());
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, adminPwd);
9. error code 50
==========================================================================
javax.naming.NoPermissionException: [LDAP: error code 50 - : SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS)
Cause: when creating a domain user, ctx was bound as an ordinary user (one without permission to create users).
Solution: bind as an administrator user:
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, adminUser + "@" + ldapProperty.getDomain());
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, adminPwd);
10. error code 19
==========================================================================
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F00, #1:
0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE)
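Cause: most likely the domain security policy is not satisfied, for example password complexity, minimum password age, or enforced password history; that is, the length, the characters it contains, how soon the password may be changed, whether previous passwords may be reused, and so on.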
11. LDAP: error code 50
==========================================================================
javax.naming.NoPermissionException: [LDAP: error code 50 - : SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS)
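Cause: the original code used a replace operation, which in AD corresponds to a password reset (ordinary users do not have this permission by default; administrators do). Supplying a wrong old password with a remove operation can also raise this exception.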
12. RSA premaster secret error
==========================================================================
javax.naming.CommunicationException: simple bind failed: 172.18.20.4:636 [Root exception is javax.net.ssl.SSLKeyException: RSA premaster secret error]
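Cause: the JDK configured for Tomcat is not the JDK the certificate was added to. For example, the certificate is stored under C:\Java\jdk1.6.0_10\jre\lib\cacerts while Tomcat is configured with the JDK at C:\Java\jre6; because the two paths differ, the certificate cannot be found during SSL verification.
13. No trusted certificate found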
==========================================================================
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
Cause: the path to the trust store file is incorrect.
Solution: from the \WEB-INF\classes directory of the correct project
14. error code 49
==========================================================================
javax.naming.AuthenticationException: [LDAP: error code 49 - : LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece
Cause: wrong user name or password.
When IBM(R) WebSphere(R) Portal accesses the LDAP (in this case Microsoft(R) Active Directory), either to start the server or during configuration tasks, "LDAP: error code 49" can be encountered.
Generally, error references SECJ0369E and SECJ0055E will be generated in the SystemOut.log. There are, however, various root causes that can be derived from the values that follow the initial description. An example is shown below. From SystemOut.log:
[date/time] 0000000a LdapRegistryI A SECJ0419I: The user registry is currently connected to the LDAP server ldap://<hostname>:389.
[date/time] 0000000a LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is [LDAP: error code 49 - : LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece ].
[date/time] 0000000a distContextMa E SECJ0270E: Failed to get actual credentials. The exception is javax.naming.AuthenticationException: [LDAP: error code 49 - : LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
In this case, validate-ldap is the config task that was failing, and from the ConfigTrace.log we see:
action-validate-ldap-was-admin-user:
[ldapcheck] ###########################
[ldapcheck] ldapURL : <hostname>:389
[ldapcheck] ldapUser : CN=wasadmin,OU=WebspherePortal,OU=Service Accounts,DC=select,DC=corp,DC=sem
[ldapcheck] ldapPassword : *********
[ldapcheck] ldapSslEnabled : false
[ldapcheck] javax.naming.AuthenticationException: [LDAP: error code 49 - : LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece ]
[ldapcheck] ERROR: 4
[ldapcheck] Invalid or insufficient authorization privileges.
Target finished: action-validate-ldap-was-admin-user
The error shown below is similar each time there is an LDAP authentication issue.
"The exception is [LDAP: error code 49 - : LdapErr: DSID-0Cxxxxxx, comment: AcceptSecurityContext error, data xxx, vece ]."
However, there are several values that can indicate what LDAP function is causing the issue. Here are some general references for Microsoft Active Directory:
The AD-specific error code is the one after "data" and before "vece" or "v893" in the actual error string returned to the binding process:
525 - user not found
52e - invalid credentials
530 - not permitted to logon at this time
531 - not permitted to logon at this workstation
532 - password expired
533 - account disabled
701 - account expired
773 - user must reset password
775 - user account locked
Common Active Directory LDAP bind errors:

: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
HEX: 0x525 - user not found
DEC: 1317 - ERROR_NO_SUCH_USER (The specified account does not exist.)
NOTE: Returns when username is invalid.

: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893
HEX: 0x52e - invalid credentials
DEC: 1326 - ERROR_LOGON_FAILURE (Logon failure: unknown user name or bad password.)
NOTE: Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.

: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 530, v893
HEX: 0x530 - not permitted to logon at this time
DEC: 1328 - ERROR_INVALID_LOGON_HOURS (Logon failure: account logon time restriction violation.)
NOTE: Returns only when presented with valid username and password/credential.

: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893
HEX: 0x531 - not permitted to logon from this workstation
DEC: 1329 - ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.)
LDAP[userWorkstations: <multivalued list of workstation names>]
NOTE: Returns only when presented with valid username and password/credential.

: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 532, v893
HEX: 0x532 - password expired
DEC: 1330 - ERROR_PASSWORD_EXPIRED (Logon failure: the specified account password has expired.)
LDAP[userAccountControl: <bitmask=0x>] - PASSWORDEXPIRED
NOTE: Returns only when presented with valid username and password/credential.

: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 533, v893
HEX: 0x533 - account disabled
DEC: 1331 - ERROR_ACCOUNT_DISABLED (Logon failure: account currently disabled.)
LDAP[userAccountControl: <bitmask=0x>] - ACCOUNTDISABLE
NOTE: Returns only when presented with valid username and password/credential.

: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 701, v893
HEX: 0x701 - account expired
DEC: 1793 - ERROR_ACCOUNT_EXPIRED (The user's account has expired.)
LDAP[accountExpires: <value of -1, 0, or extremely large value indicates account will not expire>] - ACCOUNTEXPIRED
NOTE: Returns only when presented with valid username and password/credential.

: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 773, v893
HEX: 0x773 - user must reset password
DEC: 1907 - ERROR_PASSWORD_MUST_CHANGE (The user's password must be changed before logging on the first time.)
LDAP[pwdLastSet: <value of 0 indicates admin-required password change>] - MUST_CHANGE_PASSWD
NOTE: Returns only when presented with valid username and password/credential.

: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 775, v893
HEX: 0x775 - account locked out
ERROR_ACCOUNT_LOCKED_OUT (The referenced account is currently locked out and may not be logged on to.)
LDAP[userAccountControl: <bitmask=0x>] - LOCKOUT
NOTE: Returns even if invalid password is presented

DEC: values are not presented in P however, review of LDAP activity combined with analysis of SystemOut.log and relevant configuration tasks can help narrow down the root cause.
Resolving the problem
Use the codes above to verify the settings and users in LDAP.
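The lookup described above can be automated when triaging logs or handling a failed bind. The following is an added example, not code from the technote or from IBM: the class and method names (AdBindError, subCode, logDetail, userMessage) are hypothetical, it assumes Java 9 or later for Map.of, and the input is the text of e.getMessage() from a javax.naming.AuthenticationException. It keeps the sub-code in the server log and returns one fixed text to the user, because the 525 and 52e notes above show that the code distinguishes a nonexistent account from a wrong password.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AdBindError {
    // Sub-codes and meanings exactly as listed in the technote above.
    static final Map<String, String> MEANING = Map.of(
        "525", "user not found",
        "52e", "invalid credentials",
        "530", "not permitted to logon at this time",
        "531", "not permitted to logon at this workstation",
        "532", "password expired",
        "533", "account disabled",
        "701", "account expired",
        "773", "user must reset password",
        "775", "user account locked");
    // The AD code follows "data" and precedes the trailing token (vece, v893, v1db1, ...).
    static final Pattern SUBCODE = Pattern.compile(
        "error code 49\\b.*?AcceptSecurityContext error,\\s*data\\s+([0-9a-fA-F]{1,8})\\s*,");

    /** Lower-case AD sub-code, or null when the text is not an AD error 49 bind failure. */
    static String subCode(String message) {
        if (message == null) return null;
        Matcher m = SUBCODE.matcher(message);
        return m.find() ? m.group(1).toLowerCase() : null;
    }

    /** Detail for the server-side log only. */
    static String logDetail(String message) {
        String code = subCode(message);
        if (code == null) return "not an AD error 49 bind failure";
        return "0x" + code + " (" + Long.parseLong(code, 16) + "): "
            + MEANING.getOrDefault(code, "sub-code not in the list");
    }

    /** Text for the end user: identical for every sub-code, so a 525 versus 52e
     *  difference never tells the caller which account names exist. */
    static String userMessage(String message) {
        return subCode(message) != null ? "Sign-in failed" : "Directory error";
    }

    public static void main(String[] args) {
        String[] samples = { // sample strings in the shape of the messages quoted on this page
            "[LDAP: error code 49 - : LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece ]",
            "[LDAP: error code 49 - : LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1",
            "[LDAP: error code 50 - : SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0" };
        for (String s : samples) System.out.println(logDetail(s) + " | " + userMessage(s));
    }
}
```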
Reposted from: http://www-01.ibm.com/support/docview.wss?uid=swg
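AD authentication error - ITeye Q&A
The code is as follows:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

String host = "172.18.8.87"; // AD server
String port = "389"; // port
String domain = "@ceair.com"; // e-mail suffix
String url = "ldap://" + host + ":" + port;
// append the domain suffix unless the user name already carries it
String user = userName.indexOf(domain) > 0 ? userName : userName + domain;
Hashtable<String, String> env = new Hashtable<String, String>();
DirContext ctx = null;
// "simple" sends the password as given; over ldap:// on port 389 it is not encrypted in transit
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, user);
env.put(Context.SECURITY_CREDENTIALS, password);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, url);
ctx = new InitialDirContext(env);
When execution reaches ctx = new InitialDirContext(env); the following error is reported:
javax.naming.AuthenticationException: [LDAP: error code 49 - : LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
I also searched online; the results are all in English, and the gist is that it is a SECURITY_PRINCIPAL problem, but I think mine is correct. Please give me some advice!!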
The meaning of the error code is:
49: the supplied credentials are invalid. Ldap Invalid Credentials
That is, the user name or password is wrong.
ambari-server sync-ldap --all
Syncing all...ERROR: Exiting with exit code 1.
REASON: Caught exception running LDAP sync. [LDAP: error code 49 - Invalid Credentials]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
Cause: The DN path or password which you have specified for the administrator is invalid. Any of the below will result in this error:
Pointed to a non-user DN
Pointed to a non-existent user, but in an existing DN
Pointed to a non-existent DN
Pointed to an existing user, but a non-existing DN
Pointed to an incorrect admin DN, uid instead of cn
Pointed to a non-administrator user
Pointed to a valid admin, but the password is incorrect
ambari-server setup-ldap
Following the LDAP configuration, enter the correct parameters: Manager