I'm using Apache LDAP API to connect to MS Active Directory but I'm getting the following error:
DEBUG#c.s.m.c.r.c.ApacheLdapClient##anonymous#http-bio-8080-exec-6###Unexpected error connecting to LDAP org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: 80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 52e, v2580^@
In this case I'm just providing the LDAP user name and password, both in the LdapConnectionConfig.Name and in the bind method of the LdapConnection class.
Based on some research and tests, I could see that when I provide the complete DN (Distinguished Name) of the user, the connection and bind work fine.
So my question is: Is there a way to get connected and bind to MS AD using the Apache LDAP API just providing the user name and password (not the complete DN)?
Below is an excerpt of the source code that fails:
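    import org.apache.directory.ldap.client.api.LdapConnection;
    import org.apache.directory.ldap.client.api.LdapConnectionConfig;
    import org.apache.directory.ldap.client.api.LdapNetworkConnection;

    // Connection parameters; the name set here is the bare user name, not a DN
    LdapConnectionConfig connParams = new LdapConnectionConfig();
    connParams.setLdapHost(LDAP_HOST);
    connParams.setLdapPort(389);
    connParams.setName(test_user);
    connParams.setCredentials(TEST_USER_PASSWORD);
    LdapConnection connection = new LdapNetworkConnection(connParams);
    // Bind with the bare user name instead of the full DN
    connection.bind(test_user, TEST_USER_PASSWORD);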
You must use the distinguished name for binding - LDAP doesn't know about Active Directory, after all. Of course, you can use a service account first to retrieve the dn for a sAMAccountName.
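
The two-step flow described in the answer above (bind as a service account, look up the DN for the sAMAccountName, then bind as the user with that DN), as an added example that is not part of the original post. It assumes Apache LDAP API 2.x and LDAPS on port 636 with a certificate the JVM trusts; the host, base DN and service-account DN are placeholders.

```java
import java.io.IOException;
import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.filter.FilterEncoder;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class AdLogin {
    // Placeholders (assumptions): replace with your directory's values.
    static final String LDAP_HOST = "dc.example.com";
    static final String BASE_DN = "DC=example,DC=com";
    static final String SERVICE_DN = "CN=svc-ldap,OU=Service Accounts,DC=example,DC=com";
    /** Returns true if password is valid for the account whose sAMAccountName is userName. */
    public static boolean authenticate(String servicePassword, String userName, String password)
            throws LdapException, CursorException, IOException {
        // A simple bind with an empty password is an unauthenticated bind and may "succeed".
        if (userName == null || userName.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost(LDAP_HOST);
        config.setLdapPort(636);
        config.setUseSsl(true); // on plain port 389 a simple bind sends the password in clear
        try (LdapConnection conn = new LdapNetworkConnection(config)) {
            conn.bind(SERVICE_DN, servicePassword); // step 1: bind as the service account
            // Escape the user-supplied name so it cannot change the filter (LDAP injection).
            String filter = "(&(objectClass=user)(sAMAccountName="
                    + FilterEncoder.encodeFilterValue(userName) + "))";
            String userDn = null;
            try (EntryCursor cursor = conn.search(BASE_DN, filter, SearchScope.SUBTREE, "1.1")) {
                if (cursor.next()) {
                    userDn = cursor.get().getDn().getName(); // "1.1" = return the DN only
                }
            }
            if (userDn == null) {
                return false; // no such account
            }
            try {
                conn.bind(userDn, password); // step 2: bind as the user with the full DN
                return true;
            } catch (LdapAuthenticationException e) {
                return false; // wrong password, e.g. the "data 52e" error in the question
            }
        }
    }
}
```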