MS AD LDAP bind errors.

LDAP error code 49 is the generic code for an authentication error. 
https://helpdesk.lenovosoftware.com/portal/kb/articles/ldap-error-codes-22-8-2017 has the list of Java LDAP top-level error codes. 


To fully understand the error you need the rest of the information. 

After turning on debug logging, we can see the rest of the error: 
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ] 

So in this example, we want to look at: 
LDAP error code 49 = Authentication error 
data 525 = user not found 



The specific Active Directory code will tell you the exact cause: 
525 - user not found 
52e - invalid credentials 
530 - not permitted to logon at this time 
532 - password expired 
533 - account disabled 
569 - denied access to computer via network 
701 - account expired 
773 - user must reset password 
775 - account locked 




Common Active Directory LDAP bind errors: 

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 
HEX: 0x525 - user not found 
DEC: 1317 - ERROR_NO_SUCH_USER (The specified account does not exist.) 
NOTE: Returns when username is invalid. 

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893 
HEX: 0x52e - invalid credentials 
DEC: 1326 - ERROR_LOGON_FAILURE (Logon failure: unknown user name or bad password.) 
NOTE: Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted. 

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 530, v893 
HEX: 0x530 - not permitted to logon at this time 
DEC: 1328 - ERROR_INVALID_LOGON_HOURS (Logon failure: account logon time restriction violation.) 
NOTE: Returns only when presented with valid username and password/credential. 

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893 
HEX: 0x531 - not permitted to logon from this workstation 
DEC: 1329 - ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.) 
LDAP[userWorkstations: <multivalued list of workstation names>] 
NOTE: Returns only when presented with valid username and password/credential. 

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 532, v893 
HEX: 0x532 - password expired 
DEC: 1330 - ERROR_PASSWORD_EXPIRED (Logon failure: the specified account password has expired.) 
LDAP[userAccountControl: <bitmask=0x00800000>] - PASSWORDEXPIRED 
NOTE: Returns only when presented with valid username and password/credential. 

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 533, v893 
HEX: 0x533 - account disabled 
DEC: 1331 - ERROR_ACCOUNT_DISABLED (Logon failure: account currently disabled.) 
LDAP[userAccountControl: <bitmask=0x00000002>] - ACCOUNTDISABLE 
NOTE: Returns only when presented with valid username and password/credential. 

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 701, v893 
HEX: 0x701 - account expired 
DEC: 1793 - ERROR_ACCOUNT_EXPIRED (The user’s account has expired.) 
LDAP[accountExpires: <value of -1, 0, or extremely large value indicates account will not expire>] - ACCOUNTEXPIRED 
NOTE: Returns only when presented with valid username and password/credential. 

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 773, v893 
HEX: 0x773 - user must reset password 
DEC: 1907 - ERROR_PASSWORD_MUST_CHANGE (The user’s password must be changed before logging on the first time.) 
LDAP[pwdLastSet: <value of 0 indicates admin-required password change>] - MUST_CHANGE_PASSWD 
NOTE: Returns only when presented with valid username and password/credential. 

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 775, v893 
HEX: 0x775 - account locked out 
DEC: 1909 - ERROR_ACCOUNT_LOCKED_OUT (The referenced account is currently locked out and may not be logged on to.) 
LDAP[userAccountControl: <bitmask=0x00000010>] - LOCKOUT 
NOTE: Returns even if invalid password is presented.
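
The table above can be applied mechanically to log lines. The following is an added example, not part of the original article: it extracts the hexadecimal "data" sub-code from a bind error and uses the NOTE lines above to report whether the username and the password were valid. The function names are hypothetical, and every sample line except the first is constructed.

```python
import re

# data sub-code -> (Win32 name, username_valid, password_valid); None = not determinable.
# The validity flags are read off the NOTE lines in the table above.
AD_BIND_CODES = {
    0x525: ("ERROR_NO_SUCH_USER", False, None),
    0x52E: ("ERROR_LOGON_FAILURE", True, False),
    0x530: ("ERROR_INVALID_LOGON_HOURS", True, True),
    0x531: ("ERROR_INVALID_WORKSTATION", True, True),
    0x532: ("ERROR_PASSWORD_EXPIRED", True, True),
    0x533: ("ERROR_ACCOUNT_DISABLED", True, True),
    0x701: ("ERROR_ACCOUNT_EXPIRED", True, True),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", True, True),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", True, None),
}

_PATTERN = re.compile(
    r"LDAP: error code (\d+) - .*?AcceptSecurityContext error, data ([0-9a-fA-F]+)")

def decode_bind_error(message):
    """Decode an AD bind failure; return None if the line is not one."""
    m = _PATTERN.search(message)
    if m is None:
        return None
    sub = int(m.group(2), 16)  # the "data" field is hexadecimal
    name, user_ok, pw_ok = AD_BIND_CODES.get(sub, ("UNKNOWN", None, None))
    return {"ldap_code": int(m.group(1)), "data_hex": f"0x{sub:x}",
            "win32_dec": sub, "win32_name": name,
            "username_valid": user_ok, "password_valid": pw_ok}

def correct_password_failures(lines):
    """Sub-codes of binds that failed although the password was correct."""
    decoded = (decode_bind_error(line) for line in lines)
    return [(d["data_hex"], d["win32_name"]) for d in decoded
            if d and d["password_valid"]]

# Sample input: the first line is the example from this article, the rest are constructed.
SAMPLE_LOG = [
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 533, v893]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 775, v893]",
    "javax.naming.CommunicationException: connection refused",  # not a bind error
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(decode_bind_error(entry))
    print(correct_password_failures(SAMPLE_LOG))
```

Failures reported by correct_password_failures are the ones where a working password was presented for an account that is disabled, expired or otherwise restricted, which makes them the entries to review first when the log shows many failed binds.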
