Hi,
When trying to connect to an LDAP server, using ldaps (port 636), I'm getting the below error.
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at com.myco.squatter.activedirectory.ADQuery.main(ADQuery.java:116)
Any ideas what it means? I'm also attaching the complete code I use to connect. The exception is thrown here:
LdapContext ctx = new InitialLdapContext(ldapEnv,null);
The complete code is below. Thanks, - Dave
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// Class name taken from the stack trace above
public class ADQuery {

    public static void main(String[] args) {
        //
        // A hash table storing name/value pairs
        // (including credentials, URL, etc.) is used
        // to pass information to the JNDI service
        // provider. The pre-defined names (keys)
        // to use with JNDI are found in the
        // javax.naming.Context interface as you
        // will see in the later code.
        //
        Hashtable<String, String> ldapEnv = new Hashtable<String, String>();
        //
        // Specify URL of the domain controller
        // Domain should be full domain name
        // (mycompany.com, mydept.mycompany.com)
        // LDAP's default port is 389
        //
        String host="subdomain2.subdomain1";
        String domain="mydomain.com";
        String port="636";
        String urlDC="ldaps://"+host+"."+domain+":"+port+"/";
        //
        // Build domain component list so that we can
        // submit queries in the form:
        // CN=object,DC=domain,DC=com
        //
        // The .replaceAll method required v1.4 of the JDK
        //
        // If your domain is mycompany.local, the dcList
        // string should contain DC=mycompany,DC=local
        //
        String dcList="";
        try {
            dcList="DC="+domain.replaceAll("\\.",",DC=");
        } catch (Exception ex) {
            System.err.println("Error in regular expression kit: " + ex.getMessage());
            return;
        }
        //
        // User name can be in "domain\\user"
        // or UPN (user@domain) syntax
        //
        String userName="username@"+domain;
        String userPassword = "password";
        //
        // Section 1
        //
        // Establish a context using JNDI with the
        // LDAP service provider (remember, as with
        // JDBC to use JNDI you need to specify a
        // vendor supplied default. The LDAP provider
        // comes with the JDK.)
        //
        ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
        //
        // Set security credentials
        // Beware that simple authentication sends
        // the credentials "in the clear"
        //
        ldapEnv.put(Context.SECURITY_AUTHENTICATION,"simple");
        ldapEnv.put(Context.SECURITY_PRINCIPAL,userName);
        ldapEnv.put(Context.SECURITY_CREDENTIALS,userPassword);
        ldapEnv.put(Context.PROVIDER_URL, urlDC);
        String searchBase;
        String searchFilter;
        //
        // Section 2 - Construct Query base and filter
        //
        // Also specify the attributes of the AD object or container
        // to return. Of course, the value of some attributes
        // are only useful for certain object types.
        //
        //
        //
        // Example to find people
        //
        searchBase= "cn=Users,"+dcList;
        searchFilter = "(&(&(&(mailNickname=*)(objectcategory=person)(objectclass=user)(msExchRecipientDisplayType=7))))";
        //searchFilter = "(&(objectClass=person)(anr=p*))";
        String objAttribs[]={"uid","sn","givenName","cn","mail","shortServerName"};
        //
        // Example to find printers
        // By default these are stored in the Domain Controllers
        // Organizational Unit (OU)
        //
        // Note: the description attribute maps to the comment textbox
        // within the printer definition
        //
        //searchBase= "ou=Domain Controllers,"+dcList;
        //searchFilter = "(&(&(UNCname=*Server01*)(objectCategory=printQueue)(printColor=TRUE)))";
        //String objAttribs[]={"UNCname","location","description","cn","portName"};
        try {
            //
            // Section 3
            // Create an LDAP directory context
            //
            LdapContext ctx = new InitialLdapContext(ldapEnv,null);
            //
            // Search controls are used to assign the scope
            // of the search and the attributes to be returned
            //
            SearchControls srchInfo = new SearchControls();
            //
            // We want to browse all of the sub-branches
            // of our directory tree
            //
            srchInfo.setSearchScope(SearchControls.SUBTREE_SCOPE);
            //
            // Identify the attributes of the objects that
            // we want to return
            //
            srchInfo.setReturningAttributes(objAttribs);
            int nodirObjects = 0;
            //
            // Section 4
            //
            // Submit the query to the LDAP directory service
            // and return the results in a NamingEnumeration object
            //
            NamingEnumeration<SearchResult> dirObjects = ctx.search(searchBase, searchFilter, srchInfo);
            //
            // Loop through dirObjects returned by the LDAP query
            //
            while (dirObjects != null && dirObjects.hasMoreElements()) {
                SearchResult dirObject = dirObjects.next();
                //
                // Display name and requested attributes to the console
                //
                System.out.println(dirObject.getName());
                for (int i=0; i<objAttribs.length; i++) {
                    // Look up one attribute per iteration (index i)
                    System.out.println(dirObject.getAttributes().get(objAttribs[i]));
                }
                // Increment the counter
                nodirObjects++;
            }
            ctx.close();
            System.out.println("Number of entries identified: " + nodirObjects);
        }
        catch (NamingException ex) {
            ex.printStackTrace(System.err);
            System.err.println("Error during query: " + ex.getMessage());
        }
    } // End main
}