
Authentication error with AD

Hello all,

I am trying to integrate WildFire with AD. Here is the part of my wildfire.xml:

    </searchFilter>
    <groupNameField>cn</groupNameField>
    <groupMemberField>member</groupMemberField>
    <groupDescriptionField>description</groupDescriptionField>
    <groupSearchFilter>
        <![CDATA[(&(objectClass=group)(memberOf=CN=Spark,OU=Common Groups,DC=REGION,DC=local)(member=))]]>
    </groupSearchFilter>

Then when I try to log in to the admin console, the following error message appears in debug.log:

2006.05.24 15:55:59 Trying to find a user's DN based on their username. sAMAccountName: itkin, Base DN: dc=REGION,dc=local…

2006.05.24 15:55:59 Creating a DirContext in LdapManager.getContext()…

2006.05.24 15:55:59 Created hashtable with context values, attempting to create context…

2006.05.24 15:55:59 Exception thrown when searching for userDN based on username 'itkin'

javax.naming.AuthenticationException: LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893

Any ideas on what I am doing wrong?

Thanks in advance!

From http://forum.java.sun.com/thread.jspa?messageID=4227692:

"Here is a list of Active Directory errors:

525 - user not found

52e - invalid credentials

530 - not permitted to logon at this time

532 - password expired

533 - account disabled

701 - account expired

773 - user must reset password"

Your error was 525, "user not found." Make sure that your adminDN is correct. LDAP Browser http://www.ldapbrowser.com/ is very handy for troubleshooting these kinds of problems.
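As an added example (not from the thread or from Wildfire itself), here is a small Python decoder for the AD-style bind diagnostic quoted above: it parses the `error code 49 - ...: LdapErr: DSID-..., comment: ..., data NNN, vNNN` string into its fields and maps the `data` sub-code with the list from the Sun forum post. The sample message is the exception line from the original post.

```python
import re
from dataclasses import dataclass
from typing import Optional

# AD sub-codes carried in the "data NNN" field of an LDAP result-49
# (invalidCredentials) diagnostic; the list quoted from the Sun forum thread.
# They are hexadecimal strings, so "52e" and "52E" are the same code.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to logon at this time",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
}

_AD_DIAG = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<hres>[0-9A-Fa-f]+): LdapErr: "
    r"DSID-(?P<dsid>[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+), v(?P<version>[0-9A-Fa-f]+)"
)


@dataclass
class AdBindError:
    result_code: int   # LDAP result code (49 = invalidCredentials)
    dsid: str          # AD internal diagnostic id, useful when opening a ticket
    comment: str       # e.g. "AcceptSecurityContext error"
    data: str          # normalised (lower-case) AD sub-code
    meaning: str       # human-readable reason from AD_BIND_SUBCODES


def parse_ad_bind_error(message: str) -> Optional[AdBindError]:
    """Return the parsed AD diagnostic, or None if the message is not one
    (non-AD directory, or a different LDAP result such as noSuchObject)."""
    m = _AD_DIAG.search(message)
    if m is None:
        return None
    data = m.group("data").lower()
    return AdBindError(
        result_code=int(m.group("code")),
        dsid=m.group("dsid"),
        comment=m.group("comment").strip(),
        data=data,
        meaning=AD_BIND_SUBCODES.get(data, "unknown AD sub-code " + data),
    )


# Constructed sample: the exception line from the original post.
SAMPLE = ("javax.naming.AuthenticationException: LDAP: error code 49 - 80090308: "
          "LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893")

if __name__ == "__main__":
    print(parse_ad_bind_error(SAMPLE))
```

Because 525 versus 52e tells a caller whether the account exists at all, keep this decoding in the server-side log (as Wildfire's debug.log does) rather than surfacing it to the login page.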

Does AD actually use OU? I'd try changing it to

memberOf=CN=Spark,CN=Common Groups

or

memberOf=CN=Spark,CN=Users

to see if that works.

grimsy,

AD does use OUs, but the built-in Users folder is actually a CN. I'm not sure why they do that. Any new folders created by the user are created as OUs, so the Common Groups object is most likely an OU since it looks like tdrbox created that object.

Ah, I see. Thanks for the clarification there.

Hello, all!

The problem was in the LDAP port; I just changed the port number from 389 to 3268. That is all. Now all is fine.

Thanks a lot.