trying to connect to ADAM instance via JNDI

Hi ,

I have created an ADAM instance and trying to connect to it
through JNDI, but I am getting this error.

Problem searching directory: javax.naming.AuthenticationException:
[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090336, comment:
AcceptSecurityContext error, data 52b, va28]
javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C:
LdapErr: DSID-0C090336, comment: AcceptSecurityContext error, data 52b,
va28]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:133)
at ldap.LDAPTest.main(LDAPTest.java:34)

My code is:

Hashtable env = new Hashtable();

env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,"CN=rxg9999,OU=people,OU=clinical,O=Microsoft");
env.put(Context.SECURITY_CREDENTIALS,"q1w2e3");
env.put(Context.PROVIDER_URL, "ldap://localhost:389");

DirContext ctx = new InitialDirContext(env);

This DN CN=rxg9999,OU=people,OU=clinical,O=Microsoft is
added to the member attribute of Administrators also.

Any help is really appreciated.

Thanks
Ravi

Can you do a simple bind with this account with ldp.exe (comes with ADAM)?
I'd suggest trying that first. The error code you are getting, 52b, is a
little weird. According to err.exe, that translates to:

# for hex 0x52b / decimal 1323 :
ERROR_WRONG_PASSWORD winerror.h
# Unable to update the password. The value provided as the
# current password is incorrect.
# 1 matches found for "52b"

That looks like an error you would get when trying a change password
operation, not a bind. But maybe the password is just wrong? In any event,
trying a bind with ldp is a good start. Perhaps the account is not enabled
or something.

It may also be worth knowing that you can use the UPN or displayName as a
binding username if you set those. You don't have to use the DN with ADAM.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<ravi311@gmail.com> wrote in message
news:1157752767.988850.130500@e3g2000cwe.googlegroups.com...
> Hi ,
>
> I have created an ADAM instance and trying to connect to it
> through JNDI, but I am getting this error.
>
> Problem searching directory: javax.naming.AuthenticationException:
> [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090336, comment:
> AcceptSecurityContext error, data 52b, va28]
> javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C:
> LdapErr: DSID-0C090336, comment: AcceptSecurityContext error, data 52b,
> va28]
> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
> at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
> at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
> at
> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
> at
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
> at
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
> at
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
> at javax.naming.InitialContext.init(InitialContext.java:219)
> at
> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:133)
> at ldap.LDAPTest.main(LDAPTest.java:34)
>
> My code is:
>
> Hashtable env = new Hashtable();
>
> env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
> env.put(Context.SECURITY_AUTHENTICATION,"simple");
> env.put(Context.SECURITY_PRINCIPAL,"CN=rxg9999,OU=people,OU=clinical,O=Microsoft");
> env.put(Context.SECURITY_CREDENTIALS,"q1w2e3");
> env.put(Context.PROVIDER_URL, "ldap://localhost:389");
>
> DirContext ctx = new InitialDirContext(env);
>
> This DN CN=rxg9999,OU=people,OU=clinical,O=Microsoft is
> added to the member attribute of Administrators also.
>
> Any help is really appreciated.
>
> Thanks
> Ravi
>

ERROR_WRONG_PASSWORD is an error that ADAM returns when it does not like
your creds. We recently fixed this in LH, it now returns
ERROR_INVALID_CREDENTIALS.

I bet the user is disabled.

--
Dmitri Gavrilov
SDE, Active Directory team

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in message
news:%23oChCB80GHA.476@TK2MSFTNGP06.phx.gbl...
> Can you do a simple bind with this account with ldp.exe (comes with ADAM)?
> I'd suggest trying that first. The error code you are getting, 52b, is a
> little weird. According to err.exe, that translates to:
>
> # for hex 0x52b / decimal 1323 :
> ERROR_WRONG_PASSWORD winerror.h
> # Unable to update the password. The value provided as the
> # current password is incorrect.
> # 1 matches found for "52b"
>
> That looks like an error you would get when trying a change password
> operation, not a bind. But maybe the password is just wrong? In any
> event, trying a bind with ldp is a good start. Perhaps the account is not
> enabled or something.
>
> It may also be worth knowing that you can use the UPN or displayName as a
> binding username if you set those. You don't have to use the DN with
> ADAM.
>
> Joe K.
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services
> Programming"
> http://www.directoryprogramming.net
> --
> <ravi311@gmail.com> wrote in message
> news:1157752767.988850.130500@e3g2000cwe.googlegroups.com...
>> Hi ,
>>
>> I have created an ADAM instance and trying to connect to it
>> through JNDI, but I am getting this error.
>>
>> Problem searching directory: javax.naming.AuthenticationException:
>> [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090336, comment:
>> AcceptSecurityContext error, data 52b, va28]
>> javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C:
>> LdapErr: DSID-0C090336, comment: AcceptSecurityContext error, data 52b,
>> va28]
>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
>> at
>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>> at
>> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>> at
>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>> at
>> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>> at
>> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
>> at
>> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
>> at javax.naming.InitialContext.init(InitialContext.java:219)
>> at
>> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:133)
>> at ldap.LDAPTest.main(LDAPTest.java:34)
>>
>> My code is:
>>
>> Hashtable env = new Hashtable();
>>
>> env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
>> env.put(Context.SECURITY_AUTHENTICATION,"simple");
>> env.put(Context.SECURITY_PRINCIPAL,"CN=rxg9999,OU=people,OU=clinical,O=Microsoft");
>> env.put(Context.SECURITY_CREDENTIALS,"q1w2e3");
>> env.put(Context.PROVIDER_URL, "ldap://localhost:389");
>>
>> DirContext ctx = new InitialDirContext(env);
>>
>> This DN CN=rxg9999,OU=people,OU=clinical,O=Microsoft is
>> added to the member attribute of Administrators also.
>>
>> Any help is really appreciated.
>>
>> Thanks
>> Ravi
>>
>
>

Hi Joe,

Thanks for your response, I did tried with ldp and I was able
to bind with this username and password in ldp. The problem is when
trying to connect to this through Java code. If I dont give any
password I can connect to it and retrieve all the attributes of that
user.

I did tried to use the display name as username but it
didn't worked. Thanks again for your response.

Ravi


Joe Kaplan wrote:
> Can you do a simple bind with this account with ldp.exe (comes with ADAM)?
> I'd suggest trying that first. The error code you are getting, 52b, is a
> little weird. According to err.exe, that translates to:
>
> # for hex 0x52b / decimal 1323 :
> ERROR_WRONG_PASSWORD winerror.h
> # Unable to update the password. The value provided as the
> # current password is incorrect.
> # 1 matches found for "52b"
>
> That looks like an error you would get when trying a change password
> operation, not a bind. But maybe the password is just wrong? In any event,
> trying a bind with ldp is a good start. Perhaps the account is not enabled
> or something.
>
> It may also be worth knowing that you can use the UPN or displayName as a
> binding username if you set those. You don't have to use the DN with ADAM.
>
> Joe K.
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services Programming"
> http://www.directoryprogramming.net
> --
> <ravi311@gmail.com> wrote in message
> news:1157752767.988850.130500@e3g2000cwe.googlegroups.com...
> > Hi ,
> >
> > I have created an ADAM instance and trying to connect to it
> > through JNDI, but I am getting this error.
> >
> > Problem searching directory: javax.naming.AuthenticationException:
> > [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090336, comment:
> > AcceptSecurityContext error, data 52b, va28]
> > javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C:
> > LdapErr: DSID-0C090336, comment: AcceptSecurityContext error, data 52b,
> > va28]
> > at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
> > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
> > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
> > at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
> > at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
> > at
> > com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
> > at
> > com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
> > at
> > com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
> > at
> > com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
> > at
> > javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
> > at
> > javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
> > at javax.naming.InitialContext.init(InitialContext.java:219)
> > at
> > javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:133)
> > at ldap.LDAPTest.main(LDAPTest.java:34)
> >
> > My code is:
> >
> > Hashtable env = new Hashtable();
> >
> > env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
> > env.put(Context.SECURITY_AUTHENTICATION,"simple");
> > env.put(Context.SECURITY_PRINCIPAL,"CN=rxg9999,OU=people,OU=clinical,O=Microsoft");
> > env.put(Context.SECURITY_CREDENTIALS,"q1w2e3");
> > env.put(Context.PROVIDER_URL, "ldap://localhost:389");
> >
> > DirContext ctx = new InitialDirContext(env);
> >
> > This DN CN=rxg9999,OU=people,OU=clinical,O=Microsoft is
> > added to the member attribute of Administrators also.
> >
> > Any help is really appreciated.
> >
> > Thanks
> > Ravi
> >

Thanks Dmitri for your response. If the user is disabled I wouldn't be
able to connect via ldp, but I can connect and bind through ldp and
also I can connect to ADAM using same username without password.

Thanks
Ravi

Dmitri Gavrilov [MSFT] wrote:
> ERROR_WRONG_PASSWORD is an error that ADAM returns when it does not like
> your creds. We recently fixed this in LH, it now returns
> ERROR_INVALID_CREDENTIALS.
>
> I bet the user is disabled.
>
> --
> Dmitri Gavrilov
> SDE, Active Directory team
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in message
> news:%23oChCB80GHA.476@TK2MSFTNGP06.phx.gbl...
> > Can you do a simple bind with this account with ldp.exe (comes with ADAM)?
> > I'd suggest trying that first. The error code you are getting, 52b, is a
> > little weird. According to err.exe, that translates to:
> >
> > # for hex 0x52b / decimal 1323 :
> > ERROR_WRONG_PASSWORD winerror.h
> > # Unable to update the password. The value provided as the
> > # current password is incorrect.
> > # 1 matches found for "52b"
> >
> > That looks like an error you would get when trying a change password
> > operation, not a bind. But maybe the password is just wrong? In any
> > event, trying a bind with ldp is a good start. Perhaps the account is not
> > enabled or something.
> >
> > It may also be worth knowing that you can use the UPN or displayName as a
> > binding username if you set those. You don't have to use the DN with
> > ADAM.
> >
> > Joe K.
> > --
> > Joe Kaplan-MS MVP Directory Services Programming
> > Co-author of "The .NET Developer's Guide to Directory Services
> > Programming"
> > http://www.directoryprogramming.net
> > --
> > <ravi311@gmail.com> wrote in message
> > news:1157752767.988850.130500@e3g2000cwe.googlegroups.com...
> >> Hi ,
> >>
> >> I have created an ADAM instance and trying to connect to it
> >> through JNDI, but I am getting this error.
> >>
> >> Problem searching directory: javax.naming.AuthenticationException:
> >> [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090336, comment:
> >> AcceptSecurityContext error, data 52b, va28]
> >> javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C:
> >> LdapErr: DSID-0C090336, comment: AcceptSecurityContext error, data 52b,
> >> va28]
> >> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
> >> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
> >> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
> >> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
> >> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
> >> at
> >> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
> >> at
> >> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
> >> at
> >> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
> >> at
> >> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
> >> at
> >> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
> >> at
> >> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
> >> at javax.naming.InitialContext.init(InitialContext.java:219)
> >> at
> >> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:133)
> >> at ldap.LDAPTest.main(LDAPTest.java:34)
> >>
> >> My code is:
> >>
> >> Hashtable env = new Hashtable();
> >>
> >> env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
> >> env.put(Context.SECURITY_AUTHENTICATION,"simple");
> >> env.put(Context.SECURITY_PRINCIPAL,"CN=rxg9999,OU=people,OU=clinical,O=Microsoft");
> >> env.put(Context.SECURITY_CREDENTIALS,"q1w2e3");
> >> env.put(Context.PROVIDER_URL, "ldap://localhost:389");
> >>
> >> DirContext ctx = new InitialDirContext(env);
> >>
> >> This DN CN=rxg9999,OU=people,OU=clinical,O=Microsoft is
> >> added to the member attribute of Administrators also.
> >>
> >> Any help is really appreciated.
> >>
> >> Thanks
> >> Ravi
> >>
> >
> >

You can connect using the same username without password??? Using which
tool?

Try to take a sniff of the exchange in both cases (ldp vs jndi) and compare.
Sorry, I cannot give you much help on JNDI, wrong forum :)

--
Dmitri Gavrilov
SDE, Active Directory team

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

<ravi311@gmail.com> wrote in message
news:1157991015.380701.115760@p79g2000cwp.googlegroups.com...
> Thanks Dmitri for your response. If the user is disabled I wouldn't be
> able to connect via ldp, but I can connect and bind through ldp and
> also I can connect to ADAM using same username without password.
>
> Thanks
> Ravi
>
> Dmitri Gavrilov [MSFT] wrote:
>> ERROR_WRONG_PASSWORD is an error that ADAM returns when it does not like
>> your creds. We recently fixed this in LH, it now returns
>> ERROR_INVALID_CREDENTIALS.
>>
>> I bet the user is disabled.
>>
>> --
>> Dmitri Gavrilov
>> SDE, Active Directory team
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> Use of included script samples are subject to the terms specified at
>> http://www.microsoft.com/info/cpyright.htm
>>
>> "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in message
>> news:%23oChCB80GHA.476@TK2MSFTNGP06.phx.gbl...
>> > Can you do a simple bind with this account with ldp.exe (comes with
>> > ADAM)?
>> > I'd suggest trying that first. The error code you are getting, 52b, is
>> > a
>> > little weird. According to err.exe, that translates to:
>> >
>> > # for hex 0x52b / decimal 1323 :
>> > ERROR_WRONG_PASSWORD
>> > winerror.h
>> > # Unable to update the password. The value provided as the
>> > # current password is incorrect.
>> > # 1 matches found for "52b"
>> >
>> > That looks like an error you would get when trying a change password
>> > operation, not a bind. But maybe the password is just wrong? In any
>> > event, trying a bind with ldp is a good start. Perhaps the account is
>> > not
>> > enabled or something.
>> >
>> > It may also be worth knowing that you can use the UPN or displayName as
>> > a
>> > binding username if you set those. You don't have to use the DN with
>> > ADAM.
>> >
>> > Joe K.
>> > --
>> > Joe Kaplan-MS MVP Directory Services Programming
>> > Co-author of "The .NET Developer's Guide to Directory Services
>> > Programming"
>> > http://www.directoryprogramming.net
>> > --
>> > <ravi311@gmail.com> wrote in message
>> > news:1157752767.988850.130500@e3g2000cwe.googlegroups.com...
>> >> Hi ,
>> >>
>> >> I have created an ADAM instance and trying to connect to it
>> >> through JNDI, but I am getting this error.
>> >>
>> >> Problem searching directory: javax.naming.AuthenticationException:
>> >> [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090336, comment:
>> >> AcceptSecurityContext error, data 52b, va28]
>> >> javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C:
>> >> LdapErr: DSID-0C090336, comment: AcceptSecurityContext error, data
>> >> 52b,
>> >> va28]
>> >> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
>> >> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
>> >> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
>> >> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
>> >> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
>> >> at
>> >> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>> >> at
>> >> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>> >> at
>> >> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>> >> at
>> >> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>> >> at
>> >> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
>> >> at
>> >> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
>> >> at javax.naming.InitialContext.init(InitialContext.java:219)
>> >> at
>> >> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:133)
>> >> at ldap.LDAPTest.main(LDAPTest.java:34)
>> >>
>> >> My code is:
>> >>
>> >> Hashtable env = new Hashtable();
>> >>
>> >> env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
>> >> env.put(Context.SECURITY_AUTHENTICATION,"simple");
>> >> env.put(Context.SECURITY_PRINCIPAL,"CN=rxg9999,OU=people,OU=clinical,O=Microsoft");
>> >> env.put(Context.SECURITY_CREDENTIALS,"q1w2e3");
>> >> env.put(Context.PROVIDER_URL, "ldap://localhost:389");
>> >>
>> >> DirContext ctx = new InitialDirContext(env);
>> >>
>> >> This DN CN=rxg9999,OU=people,OU=clinical,O=Microsoft is
>> >> added to the member attribute of Administrators also.
>> >>
>> >> Any help is really appreciated.
>> >>
>> >> Thanks
>> >> Ravi
>> >>
>> >
>> >
>

Using JNDI(simple java class no tool) I can connect to this ADAM
instance without giving the password. Thanks for your response.

Ravi


Dmitri Gavrilov [MSFT] wrote:
> You can connect using the same username without password??? Using which
> tool?
>
> Try to take a sniff of the exchange in both cases (ldp vs jndi) and compare.
> Sorry, I cannot give you much help on JNDI, wrong forum :)
>
> --
> Dmitri Gavrilov
> SDE, Active Directory team
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> <ravi311@gmail.com> wrote in message
> news:1157991015.380701.115760@p79g2000cwp.googlegroups.com...
> > Thanks Dmitri for your response. If the user is disabled I wouldn't be
> > able to connect via ldp, but I can connect and bind through ldp and
> > also I can connect to ADAM using same username without password.
> >
> > Thanks
> > Ravi
> >
> > Dmitri Gavrilov [MSFT] wrote:
> >> ERROR_WRONG_PASSWORD is an error that ADAM returns when it does not like
> >> your creds. We recently fixed this in LH, it now returns
> >> ERROR_INVALID_CREDENTIALS.
> >>
> >> I bet the user is disabled.
> >>
> >> --
> >> Dmitri Gavrilov
> >> SDE, Active Directory team
> >>
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights.
> >> Use of included script samples are subject to the terms specified at
> >> http://www.microsoft.com/info/cpyright.htm
> >>
> >> "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in message
> >> news:%23oChCB80GHA.476@TK2MSFTNGP06.phx.gbl...
> >> > Can you do a simple bind with this account with ldp.exe (comes with
> >> > ADAM)?
> >> > I'd suggest trying that first. The error code you are getting, 52b, is
> >> > a
> >> > little weird. According to err.exe, that translates to:
> >> >
> >> > # for hex 0x52b / decimal 1323 :
> >> > ERROR_WRONG_PASSWORD
> >> > winerror.h
> >> > # Unable to update the password. The value provided as the
> >> > # current password is incorrect.
> >> > # 1 matches found for "52b"
> >> >
> >> > That looks like an error you would get when trying a change password
> >> > operation, not a bind. But maybe the password is just wrong? In any
> >> > event, trying a bind with ldp is a good start. Perhaps the account is
> >> > not
> >> > enabled or something.
> >> >
> >> > It may also be worth knowing that you can use the UPN or displayName as
> >> > a
> >> > binding username if you set those. You don't have to use the DN with
> >> > ADAM.
> >> >
> >> > Joe K.
> >> > --
> >> > Joe Kaplan-MS MVP Directory Services Programming
> >> > Co-author of "The .NET Developer's Guide to Directory Services
> >> > Programming"
> >> > http://www.directoryprogramming.net
> >> > --
> >> > <ravi311@gmail.com> wrote in message
> >> > news:1157752767.988850.130500@e3g2000cwe.googlegroups.com...
> >> >> Hi ,
> >> >>
> >> >> I have created an ADAM instance and trying to connect to it
> >> >> through JNDI, but I am getting this error.
> >> >>
> >> >> Problem searching directory: javax.naming.AuthenticationException:
> >> >> [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090336, comment:
> >> >> AcceptSecurityContext error, data 52b, va28]
> >> >> javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C:
> >> >> LdapErr: DSID-0C090336, comment: AcceptSecurityContext error, data
> >> >> 52b,
> >> >> va28]
> >> >> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
> >> >> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
> >> >> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
> >> >> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
> >> >> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
> >> >> at
> >> >> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
> >> >> at
> >> >> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
> >> >> at
> >> >> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
> >> >> at
> >> >> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
> >> >> at
> >> >> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
> >> >> at
> >> >> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
> >> >> at javax.naming.InitialContext.init(InitialContext.java:219)
> >> >> at
> >> >> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:133)
> >> >> at ldap.LDAPTest.main(LDAPTest.java:34)
> >> >>
> >> >> My code is:
> >> >>
> >> >> Hashtable env = new Hashtable();
> >> >>
> >> >> env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
> >> >> env.put(Context.SECURITY_AUTHENTICATION,"simple");
> >> >> env.put(Context.SECURITY_PRINCIPAL,"CN=rxg9999,OU=people,OU=clinical,O=Microsoft");
> >> >> env.put(Context.SECURITY_CREDENTIALS,"q1w2e3");
> >> >> env.put(Context.PROVIDER_URL, "ldap://localhost:389");
> >> >>
> >> >> DirContext ctx = new InitialDirContext(env);
> >> >>
> >> >> This DN CN=rxg9999,OU=people,OU=clinical,O=Microsoft is
> >> >> added to the member attribute of Administrators also.
> >> >>
> >> >> Any help is really appreciated.
> >> >>
> >> >> Thanks
> >> >> Ravi
> >> >>
> >> >
> >> >
> >

But do you get authenticated? Can you read anything in ADAM?
Again, getting sniff for all these cases might give you a clue as to what's
going on.

--
Dmitri Gavrilov
SDE, Active Directory team

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

<ravi311@gmail.com> wrote in message
news:1157994422.233009.304390@q16g2000cwq.googlegroups.com...
> Using JNDI(simple java class no tool) I can connect to this ADAM
> instance without giving the password. Thanks for your response.
>
> Ravi
>
>
> Dmitri Gavrilov [MSFT] wrote:
>> You can connect using the same username without password??? Using which
>> tool?
>>
>> Try to take a sniff of the exchange in both cases (ldp vs jndi) and
>> compare.
>> Sorry, I cannot give you much help on JNDI, wrong forum :)
>>
>> --
>> Dmitri Gavrilov
>> SDE, Active Directory team
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> Use of included script samples are subject to the terms specified at
>> http://www.microsoft.com/info/cpyright.htm
>>
>> <ravi311@gmail.com> wrote in message
>> news:1157991015.380701.115760@p79g2000cwp.googlegroups.com...
>> > Thanks Dmitri for your response. If the user is disabled I wouldn't be
>> > able to connect via ldp, but I can connect and bind through ldp and
>> > also I can connect to ADAM using same username without password.
>> >
>> > Thanks
>> > Ravi
>> >
>> > Dmitri Gavrilov [MSFT] wrote:
>> >> ERROR_WRONG_PASSWORD is an error that ADAM returns when it does not
>> >> like
>> >> your creds. We recently fixed this in LH, it now returns
>> >> ERROR_INVALID_CREDENTIALS.
>> >>
>> >> I bet the user is disabled.
>> >>
>> >> --
>> >> Dmitri Gavrilov
>> >> SDE, Active Directory team
>> >>
>> >> This posting is provided "AS IS" with no warranties, and confers no
>> >> rights.
>> >> Use of included script samples are subject to the terms specified at
>> >> http://www.microsoft.com/info/cpyright.htm
>> >>
>> >> "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in
>> >> message
>> >> news:%23oChCB80GHA.476@TK2MSFTNGP06.phx.gbl...
>> >> > Can you do a simple bind with this account with ldp.exe (comes with
>> >> > ADAM)?
>> >> > I'd suggest trying that first. The error code you are getting, 52b,
>> >> > is
>> >> > a
>> >> > little weird. According to err.exe, that translates to:
>> >> >
>> >> > # for hex 0x52b / decimal 1323 :
>> >> > ERROR_WRONG_PASSWORD
>> >> > winerror.h
>> >> > # Unable to update the password. The value provided as the
>> >> > # current password is incorrect.
>> >> > # 1 matches found for "52b"
>> >> >
>> >> > That looks like an error you would get when trying a change password
>> >> > operation, not a bind. But maybe the password is just wrong? In
>> >> > any
>> >> > event, trying a bind with ldp is a good start. Perhaps the account
>> >> > is
>> >> > not
>> >> > enabled or something.
>> >> >
>> >> > It may also be worth knowing that you can use the UPN or displayName
>> >> > as
>> >> > a
>> >> > binding username if you set those. You don't have to use the DN
>> >> > with
>> >> > ADAM.
>> >> >
>> >> > Joe K.
>> >> > --
>> >> > Joe Kaplan-MS MVP Directory Services Programming
>> >> > Co-author of "The .NET Developer's Guide to Directory Services
>> >> > Programming"
>> >> > http://www.directoryprogramming.net
>> >> > --
>> >> > <ravi311@gmail.com> wrote in message
>> >> > news:1157752767.988850.130500@e3g2000cwe.googlegroups.com...
>> >> >> Hi ,
>> >> >>
>> >> >> I have created an ADAM instance and trying to connect to it
>> >> >> through JNDI, but I am getting this error.
>> >> >>
>> >> >> Problem searching directory: javax.naming.AuthenticationException:
>> >> >> [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090336, comment:
>> >> >> AcceptSecurityContext error, data 52b, va28]
>> >> >> javax.naming.AuthenticationException: [LDAP: error code 49 -
>> >> >> 8009030C:
>> >> >> LdapErr: DSID-0C090336, comment: AcceptSecurityContext error, data
>> >> >> 52b,
>> >> >> va28]
>> >> >> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
>> >> >> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
>> >> >> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
>> >> >> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
>> >> >> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
>> >> >> at
>> >> >> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>> >> >> at
>> >> >> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>> >> >> at
>> >> >> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>> >> >> at
>> >> >> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>> >> >> at
>> >> >> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
>> >> >> at
>> >> >> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
>> >> >> at javax.naming.InitialContext.init(InitialContext.java:219)
>> >> >> at
>> >> >> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:133)
>> >> >> at ldap.LDAPTest.main(LDAPTest.java:34)
>> >> >>
>> >> >> My code is:
>> >> >>
>> >> >> Hashtable env = new Hashtable();
>> >> >>
>> >> >> env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
>> >> >> env.put(Context.SECURITY_AUTHENTICATION,"simple");
>> >> >> env.put(Context.SECURITY_PRINCIPAL,"CN=rxg9999,OU=people,OU=clinical,O=Microsoft");
>> >> >> env.put(Context.SECURITY_CREDENTIALS,"q1w2e3");
>> >> >> env.put(Context.PROVIDER_URL, "ldap://localhost:389");
>> >> >>
>> >> >> DirContext ctx = new InitialDirContext(env);
>> >> >>
>> >> >> This DN CN=rxg9999,OU=people,OU=clinical,O=Microsoft is
>> >> >> added to the member attribute of Administrators also.
>> >> >>
>> >> >> Any help is really appreciated.
>> >> >>
>> >> >> Thanks
>> >> >> Ravi
>> >> >>
>> >> >
>> >> >
>> >
>

I was able to read all the attributes of that user without giving the
password. I am sorry but what do you mean by getting sniff of this case
and how do I do that.

Thanks
Ravi


Dmitri Gavrilov [MSFT] wrote:
> But do you get authenticated? Can you read anything in ADAM?
> Again, getting sniff for all these cases might give you a clue as to what's
> going on.
>
> --
> Dmitri Gavrilov
> SDE, Active Directory team
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> <ravi311@gmail.com> wrote in message
> news:1157994422.233009.304390@q16g2000cwq.googlegroups.com...
> > Using JNDI(simple java class no tool) I can connect to this ADAM
> > instance without giving the password. Thanks for your response.
> >
> > Ravi
> >
> >
> > Dmitri Gavrilov [MSFT] wrote:
> >> You can connect using the same username without password??? Using which
> >> tool?
> >>
> >> Try to take a sniff of the exchange in both cases (ldp vs jndi) and
> >> compare.
> >> Sorry, I cannot give you much help on JNDI, wrong forum :)
> >>
> >> --
> >> Dmitri Gavrilov
> >> SDE, Active Directory team
> >>
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights.
> >> Use of included script samples are subject to the terms specified at
> >> http://www.microsoft.com/info/cpyright.htm
> >>
> >> <ravi311@gmail.com> wrote in message
> >> news:1157991015.380701.115760@p79g2000cwp.googlegroups.com...
> >> > Thanks Dmitri for your response. If the user is disabled I wouldn't be
> >> > able to connect via ldp, but I can connect and bind through ldp and
> >> > also I can connect to ADAM using same username without password.
> >> >
> >> > Thanks
> >> > Ravi
> >> >
> >> > Dmitri Gavrilov [MSFT] wrote:
> >> >> ERROR_WRONG_PASSWORD is an error that ADAM returns when it does not
> >> >> like
> >> >> your creds. We recently fixed this in LH, it now returns
> >> >> ERROR_INVALID_CREDENTIALS.
> >> >>
> >> >> I bet the user is disabled.
> >> >>
> >> >> --
> >> >> Dmitri Gavrilov
> >> >> SDE, Active Directory team
> >> >>
> >> >> This posting is provided "AS IS" with no warranties, and confers no
> >> >> rights.
> >> >> Use of included script samples are subject to the terms specified at
> >> >> http://www.microsoft.com/info/cpyright.htm
> >> >>
> >> >> "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in
> >> >> message
> >> >> news:%23oChCB80GHA.476@TK2MSFTNGP06.phx.gbl...
> >> >> > Can you do a simple bind with this account with ldp.exe (comes with
> >> >> > ADAM)?
> >> >> > I'd suggest trying that first. The error code you are getting, 52b,
> >> >> > is
> >> >> > a
> >> >> > little weird. According to err.exe, that translates to:
> >> >> >
> >> >> > # for hex 0x52b / decimal 1323 :
> >> >> > ERROR_WRONG_PASSWORD
> >> >> > winerror.h
> >> >> > # Unable to update the password. The value provided as the
> >> >> > # current password is incorrect.
> >> >> > # 1 matches found for "52b"
> >> >> >
> >> >> > That looks like an error you would get when trying a change password
> >> >> > operation, not a bind. But maybe the password is just wrong? In
> >> >> > any
> >> >> > event, trying a bind with ldp is a good start. Perhaps the account
> >> >> > is
> >> >> > not
> >> >> > enabled or something.
> >> >> >
> >> >> > It may also be worth knowing that you can use the UPN or displayName
> >> >> > as
> >> >> > a
> >> >> > binding username if you set those. You don't have to use the DN
> >> >> > with
> >> >> > ADAM.
> >> >> >
> >> >> > Joe K.
> >> >> > --
> >> >> > Joe Kaplan-MS MVP Directory Services Programming
> >> >> > Co-author of "The .NET Developer's Guide to Directory Services
> >> >> > Programming"
> >> >> > http://www.directoryprogramming.net
> >> >> > --
> >> >> > <ravi311@gmail.com> wrote in message
> >> >> > news:1157752767.988850.130500@e3g2000cwe.googlegroups.com...
> >> >> >> Hi ,
> >> >> >>
> >> >> >> I have created an ADAM instance and trying to connect to it
> >> >> >> through JNDI, but I am getting this error.
> >> >> >>
> >> >> >> Problem searching directory: javax.naming.AuthenticationException:
> >> >> >> [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090336, comment:
> >> >> >> AcceptSecurityContext error, data 52b, va28]
> >> >> >> javax.naming.AuthenticationException: [LDAP: error code 49 -
> >> >> >> 8009030C:
> >> >> >> LdapErr: DSID-0C090336, comment: AcceptSecurityContext error, data
> >> >> >> 52b,
> >> >> >> va28]
> >> >> >> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
> >> >> >> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
> >> >> >> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
> >> >> >> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
> >> >> >> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
> >> >> >> at
> >> >> >> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
> >> >> >> at
> >> >> >> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
> >> >> >> at
> >> >> >> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
> >> >> >> at
> >> >> >> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
> >> >> >> at
> >> >> >> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
> >> >> >> at
> >> >> >> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
> >> >> >> at javax.naming.InitialContext.init(InitialContext.java:219)
> >> >> >> at
> >> >> >> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:133)
> >> >> >> at ldap.LDAPTest.main(LDAPTest.java:34)
> >> >> >>
> >> >> >> My code is:
> >> >> >>
> >> >> >> Hashtable env = new Hashtable();
> >> >> >>
> >> >> >> env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
> >> >> >> env.put(Context.SECURITY_AUTHENTICATION,"simple");
> >> >> >> env.put(Context.SECURITY_PRINCIPAL,"CN=rxg9999,OU=people,OU=clinical,O=Microsoft");
> >> >> >> env.put(Context.SECURITY_CREDENTIALS,"q1w2e3");
> >> >> >> env.put(Context.PROVIDER_URL, "ldap://localhost:389");
> >> >> >>
> >> >> >> DirContext ctx = new InitialDirContext(env);
> >> >> >>
> >> >> >> This DN CN=rxg9999,OU=people,OU=clinical,O=Microsoft is
> >> >> >> added to the member attribute of Administrators also.
> >> >> >>
> >> >> >> Any help is really appreciated.
> >> >> >>
> >> >> >> Thanks
> >> >> >> Ravi
> >> >> >>
> >> >> >
> >> >> >
> >> >
> >

He means using a packet sniffer like Ethereal or netmon to look at the
actual wire traffic. If we could see the capture files, it would allow us
to see what the JDNI stack is actually doing in terms of an LDAP bind in
terms of the network wire traffic/LDAP protocol level.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<ravi311@gmail.com> wrote in message
news:1158000007.986491.232440@q16g2000cwq.googlegroups.com...
>I was able to read all the attributes of that user without giving the
> password. I am sorry but what do you mean by getting sniff of this case
> and how do I do that.
>
> Thanks
> Ravi
>
>
> Dmitri Gavrilov [MSFT] wrote:
>> But do you get authenticated? Can you read anything in ADAM?
>> Again, getting sniff for all these cases might give you a clue as to
>> what's
>> going on.
>>
>> --
>> Dmitri Gavrilov
>> SDE, Active Directory team
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> Use of included script samples are subject to the terms specified at
>> http://www.microsoft.com/info/cpyright.htm
>>
>> <ravi311@gmail.com> wrote in message
>> news:1157994422.233009.304390@q16g2000cwq.googlegroups.com...
>> > Using JNDI(simple java class no tool) I can connect to this ADAM
>> > instance without giving the password. Thanks for your response.
>> >
>> > Ravi
>> >
>> >
>> > Dmitri Gavrilov [MSFT] wrote:
>> >> You can connect using the same username without password??? Using
>> >> which
>> >> tool?
>> >>
>> >> Try to take a sniff of the exchange in both cases (ldp vs jndi) and
>> >> compare.
>> >> Sorry, I cannot give you much help on JNDI, wrong forum :)
>> >>
>> >> --
>> >> Dmitri Gavrilov
>> >> SDE, Active Directory team
>> >>
>> >> This posting is provided "AS IS" with no warranties, and confers no
>> >> rights.
>> >> Use of included script samples are subject to the terms specified at
>> >> http://www.microsoft.com/info/cpyright.htm
>> >>
>> >> <ravi311@gmail.com> wrote in message
>> >> news:1157991015.380701.115760@p79g2000cwp.googlegroups.com...
>> >> > Thanks Dmitri for your response. If the user is disabled I wouldn't
>> >> > be
>> >> > able to connect via ldp, but I can connect and bind through ldp and
>> >> > also I can connect to ADAM using same username without password.
>> >> >
>> >> > Thanks
>> >> > Ravi
>> >> >
>> >> > Dmitri Gavrilov [MSFT] wrote:
>> >> >> ERROR_WRONG_PASSWORD is an error that ADAM returns when it does not
>> >> >> like
>> >> >> your creds. We recently fixed this in LH, it now returns
>> >> >> ERROR_INVALID_CREDENTIALS.
>> >> >>
>> >> >> I bet the user is disabled.
>> >> >>
>> >> >> --
>> >> >> Dmitri Gavrilov
>> >> >> SDE, Active Directory team
>> >> >>
>> >> >> This posting is provided "AS IS" with no warranties, and confers no
>> >> >> rights.
>> >> >> Use of included script samples are subject to the terms specified
>> >> >> at
>> >> >> http://www.microsoft.com/info/cpyright.htm
>> >> >>
>> >> >> "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in
>> >> >> message
>> >> >> news:%23oChCB80GHA.476@TK2MSFTNGP06.phx.gbl...
>> >> >> > Can you do a simple bind with this account with ldp.exe (comes
>> >> >> > with
>> >> >> > ADAM)?
>> >> >> > I'd suggest trying that first. The error code you are getting,
>> >> >> > 52b,
>> >> >> > is
>> >> >> > a
>> >> >> > little weird. According to err.exe, that translates to:
>> >> >> >
>> >> >> > # for hex 0x52b / decimal 1323 :
>> >> >> > ERROR_WRONG_PASSWORD
>> >> >> > winerror.h
>> >> >> > # Unable to update the password. The value provided as the
>> >> >> > # current password is incorrect.
>> >> >> > # 1 matches found for "52b"
>> >> >> >
>> >> >> > That looks like an error you would get when trying a change
>> >> >> > password
>> >> >> > operation, not a bind. But maybe the password is just wrong? In
>> >> >> > any
>> >> >> > event, trying a bind with ldp is a good start. Perhaps the
>> >> >> > account
>> >> >> > is
>> >> >> > not
>> >> >> > enabled or something.
>> >> >> >
>> >> >> > It may also be worth knowing that you can use the UPN or
>> >> >> > displayName
>> >> >> > as
>> >> >> > a
>> >> >> > binding username if you set those. You don't have to use the DN
>> >> >> > with
>> >> >> > ADAM.
>> >> >> >
>> >> >> > Joe K.
>> >> >> > --
>> >> >> > Joe Kaplan-MS MVP Directory Services Programming
>> >> >> > Co-author of "The .NET Developer's Guide to Directory Services
>> >> >> > Programming"
>> >> >> > http://www.directoryprogramming.net
>> >> >> > --
>> >> >> > <ravi311@gmail.com> wrote in message
>> >> >> > news:1157752767.988850.130500@e3g2000cwe.googlegroups.com...
>> >> >> >> Hi ,
>> >> >> >>
>> >> >> >> I have created an ADAM instance and trying to connect to it
>> >> >> >> through JNDI, but I am getting this error.
>> >> >> >>
>> >> >> >> Problem searching directory:
>> >> >> >> javax.naming.AuthenticationException:
>> >> >> >> [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090336,
>> >> >> >> comment:
>> >> >> >> AcceptSecurityContext error, data 52b, va28]
>> >> >> >> javax.naming.AuthenticationException: [LDAP: error code 49 -
>> >> >> >> 8009030C:
>> >> >> >> LdapErr: DSID-0C090336, comment: AcceptSecurityContext error,
>> >> >> >> data
>> >> >> >> 52b,
>> >> >> >> va28]
>> >> >> >> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
>> >> >> >> at
>> >> >> >> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
>> >> >> >> at
>> >> >> >> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
>> >> >> >> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
>> >> >> >> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
>> >> >> >> at
>> >> >> >> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>> >> >> >> at
>> >> >> >> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>> >> >> >> at
>> >> >> >> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>> >> >> >> at
>> >> >> >> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>> >> >> >> at
>> >> >> >> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
>> >> >> >> at
>> >> >> >> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
>> >> >> >> at javax.naming.InitialContext.init(InitialContext.java:219)
>> >> >> >> at
>> >> >> >> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:133)
>> >> >> >> at ldap.LDAPTest.main(LDAPTest.java:34)
>> >> >> >>
>> >> >> >> My code is:
>> >> >> >>
>> >> >> >> Hashtable env = new Hashtable();
>> >> >> >>
>> >> >> >> env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
>> >> >> >> env.put(Context.SECURITY_AUTHENTICATION,"simple");
>> >> >> >> env.put(Context.SECURITY_PRINCIPAL,"CN=rxg9999,OU=people,OU=clinical,O=Microsoft");
>> >> >> >> env.put(Context.SECURITY_CREDENTIALS,"q1w2e3");
>> >> >> >> env.put(Context.PROVIDER_URL, "ldap://localhost:389");
>> >> >> >>
>> >> >> >> DirContext ctx = new InitialDirContext(env);
>> >> >> >>
>> >> >> >> This DN CN=rxg9999,OU=people,OU=clinical,O=Microsoft
>> >> >> >> is
>> >> >> >> added to the member attribute of Administrators also.
>> >> >> >>
>> >> >> >> Any help is really appreciated.
>> >> >> >>
>> >> >> >> Thanks
>> >> >> >> Ravi
>> >> >> >>
>> >> >> >
>> >> >> >
>> >> >
>> >
>