LDAP: error code 49

kadatskiy_dd · September 14, 2022, 6:47pm

hi
i enter user@domain and password

when trying to log in as a domain user, an error occurs

Caused by: org.springframework.security.authentication.CredentialsExpiredException

Caused by: org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 532, v3839 ]

my config

jmix.ldap.urls = ldap://dom-dc.company.ru:389
jmix.ldap.base-dn = dc=company,dc=ru
jmix.ldap.manager-dn= cn=asud,ou=Accounts,dc=company,dc=ru
jmix.ldap.manager-password = password
jmix.ldap.user-search-filter = (sAMAccountName={0})
jmix.ldap.synchronizeRoleAssignments = false
jmix.ldap.use-active-directory-configuration=true
jmix.ldap.default-roles=ui-minimal

password is not Expired in AD

thx

gorbunkov · September 16, 2022, 12:12pm

Hi,
does the sAMAccountName attribute contain the value with domain (user@domain) and not the user only? Try entering the username without domain or change the user-search-filter to something like (&(objectClass=user)(userPrincipalName={0})) as documentation suggests.