LDAP integration is configured on the Operations Manager (Ops Manager) with an "LDAP Username" and "LDAP Password". If these credentials are no longer valid, users can no longer connect to the Ops Manager UI.
When this happens, UAA logs on the Ops Manager show LDAP errors similar to the following:
[2021-08-30 07:09:40.281] uaa - 15459 [http-nio-127.0.0.1-8080-exec-8] .... ERROR --- UsernamePasswordAuthenticationFilter: An internal error occurred while trying to authenticate the user.
org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580 ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580 ]
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206) ~[spring-security-ldap-5.1.6.RELEASE.jar:5.1.6.RELEASE]
The "data" code varies depending on the exact situation.
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Product Version: 2.10
Individual "data" codes for LDAP error code 49 are documented on this LDAP Wiki page. To resolve the issue, take the action that corresponds to the "data" code, usually on the LDAP side.
If necessary, Ops Manager can be set to Rescue Mode.
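To find out which "data" code is behind the failed logins, the value can be pulled out of the UAA log and translated. The following is an added example, not part of the original article or of Ops Manager: the function names and the sample log are constructed for illustration, and the table lists the commonly documented Active Directory sub-codes for error code 49.

```python
import re
from collections import Counter

# Commonly documented Active Directory sub-codes for LDAP error code 49,
# keyed by the hexadecimal "data" value as it appears in the log.
AD_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Captures the hex value after "data" inside an "[LDAP: error code 49 ... ]" message.
BIND_FAILURE = re.compile(r"LDAP: error code 49\b[^\]]*?\bdata\s+([0-9a-fA-F]+)\s*,")

def describe(code):
    """Translate a "data" code; unknown codes are reported, not guessed."""
    return AD_DATA_CODES.get(code.lower(), "unknown data code, check the LDAP documentation")

def count_bind_failures(log_text):
    """Count error-49 events per data code, one per log line.

    UAA repeats the LDAP message in the "nested exception" part of the same
    line, so only the first match on each line is counted.
    """
    counts = Counter()
    for line in log_text.splitlines():
        match = BIND_FAILURE.search(line)
        if match:
            counts[match.group(1).lower()] += 1
    return counts

# Constructed sample modelled on the excerpt above (not real log data).
SAMPLE_LOG = """\
[2021-08-30 07:09:40.281] uaa - 15459 [http-nio-127.0.0.1-8080-exec-8] .... ERROR --- UsernamePasswordAuthenticationFilter: An internal error occurred while trying to authenticate the user.
org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580 ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580 ]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 775, v2580 ]
"""

if __name__ == "__main__":
    for code, n in sorted(count_bind_failures(SAMPLE_LOG).items()):
        print(f"data {code}: {describe(code)} ({n} event(s))")
```

A run of 52e events for the configured "LDAP Username" points at the stored password, while 532, 533, 701 or 775 point at the state of the account in the directory.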