UIM CABI External - AD Authentication errors

book

Article ID: 211509

calendar_today

Updated On:

Products

DX Infrastructure Management

Issue/Introduction

We are able to configure CABI External to authenticate using our AD. Users can log in and run reports.  However, we noticed that there is an error each time the user logs in. Below is an excerpt from catalina.out log file.

Note that we are using encrypted password in the js.externalAuth.properties file.

2021-02-10 09:58:38,451 ERROR LDAPUserAttributesUtil,https-jsse-nio-443-exec-9:242 - LDAP Connection: FAILED
2021-02-10 09:58:38,461 ERROR CABIUtil,https-jsse-nio-443-exec-9:69 - com.ca.bicoe.cajasperserver.common.util.CABIExceptionForRunTime: javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0905A6, comment: AcceptSecurityContext error, data 52e, v3839^@]

Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0905A6, comment: AcceptSecurityContext error, data 52e, v3839^@]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
        at javax.naming.InitialContext.init(InitialContext.java:244)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
        at com.ca.bicoe.cajasperserver.preauth.sso.ldap.LDAPUserAttributesUtil.getLdapContext(LDAPUserAttributesUtil.java:239)

 

 

Environment

Release : 20.3

Component : UIM - CABI

Resolution

It looks like a configuration error in AD. The release notes of Jasper Server States this : 

And (https://social.technet.microsoft.com/Forums/ie/en-US/c98f3569-072a-4677-9b89-635ed2b8dffc/ldap-error-code-49-8009030c-ldaperr-dsid0c0903a9-comment-acceptsecuritycontext-error-data?forum=winserverDS),  

" The error code 49 related to LDAP is caused by the invalid credentials. Please refer to the following most possible causes.

1. The DN path or password which you have specified for the administrator is invalid. Any of the below will result in this error:

1). Pointed to non-user DN

2). Pointed to a non-existent user, but in existing DN
3). Pointed to non existent DN
4). Pointed to an existing user, but non existing DN
5). Pointed to an incorrect admin DN, uid instead of cn
6). Pointed to a non administrator user
7). Pointed to a valid admin but password is incorrect
 

2. Could not authenticate the user trying to login. This can be the result of an incorrect username or password, or an incorrect prefix and/or suffix specified in the Settings tab, depending on the type of LDAP/AD system. Could also mean the authentication type is incorrect."