After changing a user's LDAP/AD password, login to ROC throws error LDAP: error code 49

Article ID: 207051

Products

CA Release Automation - Release Operations Center (Nolio)

Issue/Introduction

Due to the password expiry policy, we changed the LDAP user password, after which we get the error below when we try to log in to ROC.

Your login attempt was unsuccessful, try again.
Reason: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839].

Cause

After analysis, we found the error below in the logs. It shows that the user used in the directory server integration also has a newly changed password, which has not been updated in the ROC directory servers, resulting in authentication failure.

2021-01-18T08:34:39.845+11:00 [CaAuthenticationManager$$Lambda$11/264530211-5082] ERROR (com.nolio.platform.server.dataservices.services.auth.providers.NolioLdapAuthenticationProvider:76) - Could not contact the LDAP server with the provided settings
org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839 ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839 ]
 at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:182)
 at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:285)
 at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:119)
 at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:138)
 at com.nolio.platform.server.dataservices.services.auth.providers.NolioLdapAuthenticationProvider.init(NolioLdapAuthenticationProvider.java:68)
 at com.nolio.platform.server.dataservices.services.auth.CaAuthenticationManager.lambda$enableDisableAuthenticationProvider$3(CaAuthenticationManager.java:105)
 at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1382)
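
The "data" field in the error above is the Active Directory bind sub-code, and 52e means invalid credentials. The Python script below is an added example, not part of the original article or of the product: it pulls that sub-code out of log lines and flags whether the failure came from the configured directory-server user, so a stale stored password can be told apart from an expired or locked account. The function and variable names are hypothetical, and the third sample line is constructed.

```python
import re

# Active Directory sub-codes carried in the "data" field of LDAP error 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
BIND_ERROR = re.compile(
    r"LDAP: error code 49 - \w+: LdapErr: DSID-\w+, "
    r"comment: AcceptSecurityContext error, data (\w+),"
)
LOG_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2}T")  # a new log entry starts with a timestamp
# Message logged when the provider cannot bind with the configured directory-server user.
PROVIDER_INIT_MSG = "Could not contact the LDAP server with the provided settings"

def triage(lines):
    """Return one finding per line that carries an error-49 bind failure."""
    findings, configured_user = [], False
    for line in lines:
        if LOG_ENTRY.match(line):
            configured_user = PROVIDER_INIT_MSG in line
        match = BIND_ERROR.search(line)  # first hit only; the nested exception repeats it
        if match:
            code = match.group(1).lower()
            findings.append({
                "subcode": code,
                "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
                "configured_user": configured_user,
            })
    return findings

# Sample input: the first two lines are from the log in this article; the third is constructed.
SAMPLE_LOG = [
    "2021-01-18T08:34:39.845+11:00 [CaAuthenticationManager$$Lambda$11/264530211-5082] ERROR "
    "(com.nolio.platform.server.dataservices.services.auth.providers."
    "NolioLdapAuthenticationProvider:76) - Could not contact the LDAP server with the provided settings",
    "org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839 ]",
    "2021-01-18T09:00:00.000+11:00 [constructed] ERROR (constructed.Logger:1) - [LDAP: error code 49 "
    "- 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 775, v3839]",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with sub-code 52e and configured_user set to True matches the cause described in this article: the password stored for the directory server in ROC no longer matches the one in LDAP/AD.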

Environment

Release : 6.6, 6.7 or higher

Component : CA RELEASE AUTOMATION CORE

Resolution

Follow the steps below:

1: Log in to ROC

2: Navigate to Administration -> User Management -> Directory Servers

3: Locate and edit the directory server for which the user password was changed

4: Update the user password with the new value and test the connection

5: Try to log in again with the LDAP users; it should be able to correctly contact LDAP/AD and authenticate the user