InitialLdapContext returned LDAP: error code 49

I ran into an issue when trying to connect to an LDAP server in my Spring Boot application. I verified that the URL, user name, and password are all valid using ADExplorer. I also step-traced the same information to make sure it is correct right before the call.

```java
Hashtable<String, Object> env = new Hashtable<String, Object>();
env.put(Context.SECURITY_AUTHENTICATION, "simple");
if (ldapUsername != null) {
    env.put(Context.SECURITY_PRINCIPAL, ldapUsername);
}
if (ldapPassword != null) {
    env.put(Context.SECURITY_CREDENTIALS, ldapPassword);
}
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapAdServer);
env.put("java.naming.ldap.attributes.binary", "objectSID");

ctx = new InitialLdapContext(env, null); // <==== exception thrown
return ctx;
```

```yaml
ldap:
    host:
      ldapadserver: ldap://ldapserver.com
    search:
      ldapsearchbase: OU=AD Master OU,OU=###,DC=###,DC=###
    user:
      ldapusername: ####
      ldappassword: ENC(#####)
```

```
Exception while loading user configuration file : javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3261)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3207)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2993)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2907)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:347)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
        at javax.naming.InitialContext.init(InitialContext.java:244)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
```

Just an update: I followed the advice and used the full DN string as ldapUserName and everything works.



Solution 1:[1]

You do not say, but assume this is Microsoft Active Directory. Guessing you need this: env.put(Context.SECURITY_PROTOCOL, "ssl");

Also no idea what ENC(#####) is?

We have several examples known to work at: https://github.com/jwilleke/Examples-JNDI/tree/master/src/com/willeke/samples/ldap/jndi
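
An added example, not part of the original question or answer: a small Java helper that decodes the Active Directory sub-code in the `data` field of an error 49 message and classifies the form of the bind principal, since the question's update reports that switching to a full DN fixed the bind. The class name, the sample principals and the `example.com` DN are constructed for illustration; the sub-code table lists the commonly documented Active Directory values.

```java
import java.util.*;
import java.util.regex.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class AdBindDiagnostics {
    // Active Directory sub-codes carried in the "data" field of an error 49 message.
    private static final Map<String, String> SUBCODES = Map.of(
        "525", "user not found",
        "52e", "invalid credentials",
        "530", "logon not permitted at this time",
        "531", "logon not permitted from this workstation",
        "532", "password expired",
        "533", "account disabled",
        "701", "account expired",
        "773", "user must reset password",
        "775", "account locked out");
    private static final Pattern AD_ERROR =
        Pattern.compile("error code (\\d+).*?\\bdata ([0-9a-fA-F]+)\\b");

    /** Returns e.g. "49/52e: invalid credentials", or null if the text is not an AD bind error. */
    static String decode(String exceptionMessage) {
        Matcher m = AD_ERROR.matcher(exceptionMessage);
        if (!m.find()) return null;
        String sub = m.group(2).toLowerCase(Locale.ROOT);
        return m.group(1) + "/" + sub + ": " + SUBCODES.getOrDefault(sub, "unknown sub-code");
    }

    /** Classifies the string passed as Context.SECURITY_PRINCIPAL. */
    static String principalForm(String principal) {
        if (principal.contains("=")) {
            try { new LdapName(principal); return "DN"; }
            catch (InvalidNameException e) { return "malformed DN"; }
        }
        if (principal.contains("@")) return "UPN";
        if (principal.contains("\\")) return "DOMAIN\\user";
        return "bare name";
    }

    public static void main(String[] args) {
        // Message copied from the question; the principals are constructed samples.
        String msg = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, "
                   + "comment: AcceptSecurityContext error, data 52e, v3839]";
        System.out.println(decode(msg));
        for (String p : List.of("svc_app", "CN=svc_app,OU=Service,DC=example,DC=com"))
            System.out.println(p + " -> " + principalForm(p));
    }
}
```

Keep the decoded sub-code in server-side logs only: returning 525 versus 52e to a client reveals whether an account exists.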

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 jwilleke