Cannot start IdentityAccessManager: AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839

Article ID: 203792

Products

CA Cloud Test Mobile, CA Application Test

Issue/Introduction

IAM cannot start in the production environment.

This error is in the server.log:

2020-11-13 20:18:28,030 ERROR [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (ServerService Thread Pool -- 48) Could not query server using DN [OU=Client,DC=ad1,DC=prod] and filter [(&(cn=abc12345)(objectclass=person)(objectclass=organizationalPerson)(objectclass=user))]: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839 ]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3136)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)

The LDAP password was recently changed.

Environment

Release: 10.5

Component: CA Service Virtualization

Cause

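The Bind Credential password had been changed, so the password stored in the IAM User Federation settings no longer matched. The "data 52e" sub-code in the error indicates invalid credentials.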
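To confirm this cause from server.log before touching the database, the entries can be triaged by the Active Directory sub-code in the "data" field. The script below is an added example, not part of the original article or the product. It goes beyond the single 52e case by decoding the other well-known sub-codes, the log lines are constructed from the entry shown above, and the names `triage` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Well-known Active Directory sub-codes in the "data" field of LDAP error 49.
AD_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}

# Matches the first line of the server.log entry; stack-trace lines are skipped.
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ ERROR .*?"
    r"using DN \[(?P<base_dn>[^\]]*)\] and filter \[(?P<filter>.*?)\]: "
    r".*?LDAP: error code 49 - .*?data (?P<sub>[0-9a-fA-F]+),"
)

# Constructed sample: the page's log entry (shortened) plus two made-up lines.
SAMPLE_LOG = """\
2020-11-13 20:18:28,030 ERROR [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (ServerService Thread Pool -- 48) Could not query server using DN [OU=Client,DC=ad1,DC=prod] and filter [(&(cn=abc12345)(objectclass=person))]: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839 ]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3136)
2020-11-13 20:19:02,411 INFO  [org.example.Startup] (main) constructed unrelated line
2020-11-13 20:21:40,007 ERROR [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (default task-3) Could not query server using DN [OU=Client,DC=ad1,DC=prod] and filter [(cn=svc-example)]: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 775, v3839 ]
"""

def triage(lines):
    """Return one dict per LDAP error 49 entry with the AD sub-code decoded."""
    findings = []
    for line in lines:
        m = ENTRY.search(line)
        if m:
            sub = m.group("sub").lower()
            findings.append({
                "time": m.group("ts"), "base_dn": m.group("base_dn"),
                "filter": m.group("filter"), "subcode": sub,
                "meaning": AD_SUBCODES.get(sub, "unknown sub-code"),
            })
    return findings

def summarize(findings):
    """Count entries per sub-code, e.g. to tell a bad password from a lockout."""
    return Counter(f["subcode"] for f in findings)

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['time']}  data {f['subcode']}: {f['meaning']}  (search base {f['base_dn']})")
```

A run of 52e entries points to the stored bind password, while 775 or 533 would mean the bind account itself is locked or disabled and retyping the password in IAM would not help.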

Resolution

The LDAP configuration is stored in the IAM database.

1. Run these queries against the IAM database. The first shows the current Enabled setting of each LDAP provider, the update disables the LDAP providers, and the last checks the admin user:

select * from COMPONENT_CONFIG where NAME='enabled' and COMPONENT_ID in (select ID from COMPONENT where PROVIDER_ID='ldap');

update COMPONENT_CONFIG set value='false' where NAME='enabled' and COMPONENT_ID in (select ID from COMPONENT where PROVIDER_ID='ldap');

select username,enabled from USER_ENTITY where USERNAME='admin';

2. Log in to IAM as admin/admin.

3. Open User Federation.

4. Set Enabled to ON.

5. Scroll down to the Bind Credentials field and type in the correct password.

6. Scroll down to the bottom and click Save.

7. Repeat for each User Federation.