Common Active Directory LDAP bind errors

Article ID: 51487


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

This document provides a 'quick list' of common Active Directory LDAP bind errors.

It also explains how to look up the meaning of these error messages.

It also provides the lookup results for the same 'quick list' errors.



Environment

Release:
Component: SMPLC

Resolution

A quick list of common Active Directory LDAP bind errors and their meaning:

525 - user not found
52e - invalid credentials
530 - not permitted to logon at this time
532 - password expired
533 - account disabled
701 - account expired
773 - user must reset password
775 - account locked

Steps to determine the meaning of the error codes.

  1. Note the data value from the error you see.
    For example, "52e" in:

    Not Authenticated. 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e,vece
     
  2. Check the quick list above or convert the data value from hexadecimal to decimal.
    "52e" is 0x52e in hex, which converts to a decimal value of 1326.
     
  3. Look up the decimal data value in Microsoft's MSDN System Error Codes list:
    http://msdn.microsoft.com/en-us/library/ms681381(VS.85).aspx
     
  4. For a decimal value of 1326, the list shows:
    ERROR_LOGON_FAILURE
    1326 (0x52E) Logon failure: unknown user name or bad password.

For your convenience, the lookup results for the quick list are provided below.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
DATA: 525
HEX: 0x525
DEC: 1317 - ERROR_NO_SUCH_USER
The specified account does not exist.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893
DATA: 52e
HEX: 0x52e
DEC: 1326 - ERROR_LOGON_FAILURE
Logon failure: unknown user name or bad password.
*Note: the most common reason is an invalid password.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 530, v893
DATA: 530
HEX: 0x530
DEC: 1328 - ERROR_INVALID_LOGON_HOURS
Logon failure: account logon time restriction violation.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893
DATA: 531
HEX: 0x531
DEC: 1329 - ERROR_INVALID_WORKSTATION
Logon failure: user not allowed to log on to this computer.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 532, v893
DATA: 532
HEX: 0x532
DEC: 1330 - ERROR_PASSWORD_EXPIRED
Logon failure: the specified account password has expired.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 533, v893
DATA: 533
HEX: 0x533
DEC: 1331 - ERROR_ACCOUNT_DISABLED
Logon failure: account currently disabled.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 701, v893
DATA: 701
HEX: 0x701
DEC: 1793 - ERROR_ACCOUNT_EXPIRED
The user's account has expired.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 773, v893
DATA: 773
HEX: 0x773
DEC: 1907 - ERROR_PASSWORD_MUST_CHANGE
The user's password must be changed before logging on the first time.

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 775, v893
DATA: 775
HEX: 0x775
DEC: 1909 - ERROR_ACCOUNT_LOCKED_OUT
The referenced account is currently locked out and may not be logged on to.
*Note: occurs even if an invalid password is presented.
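
The lookup steps above, automated as an added Python example (not part of the original article or of any vendor tooling): it extracts the data value from an AcceptSecurityContext message, converts it from hexadecimal to decimal, and maps it to the constants listed in the lookup results. The function names and the sample log lines are constructed for illustration; a data value that is not in this article's table is returned as UNKNOWN with its decimal value for manual lookup.

```python
import re
from collections import Counter

# Data value -> (constant, meaning), copied from the lookup results in this article.
BIND_ERRORS = {
    0x525: ("ERROR_NO_SUCH_USER", "The specified account does not exist."),
    0x52E: ("ERROR_LOGON_FAILURE", "Logon failure: unknown user name or bad password."),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "Logon failure: account logon time restriction violation."),
    0x531: ("ERROR_INVALID_WORKSTATION", "Logon failure: user not allowed to log on to this computer."),
    0x532: ("ERROR_PASSWORD_EXPIRED", "Logon failure: the specified account password has expired."),
    0x533: ("ERROR_ACCOUNT_DISABLED", "Logon failure: account currently disabled."),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "The user's account has expired."),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "The user's password must be changed before logging on the first time."),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "The referenced account is currently locked out and may not be logged on to."),
}

# Step 1: the hex data value follows "AcceptSecurityContext error, data".
# The trailing token (v893, vece, ...) varies and is ignored.
_DATA = re.compile(r"AcceptSecurityContext error, data\s+([0-9a-fA-F]+)\b")

def decode_bind_error(message):
    """Return (data, decimal, constant, meaning), or None if no data value is present."""
    match = _DATA.search(message)
    if match is None:
        return None
    data = match.group(1).lower()
    decimal = int(data, 16)  # step 2: hexadecimal -> decimal
    constant, meaning = BIND_ERRORS.get(
        decimal, ("UNKNOWN", "Not in this table; look up the decimal value."))
    return data, decimal, constant, meaning

def summarize(lines):
    """Count decoded constants across log lines, skipping lines with no bind error."""
    return Counter(d[2] for d in map(decode_bind_error, lines) if d)

# Constructed sample lines in the message format shown in this article.
PREFIX = "80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data "
SAMPLE = [
    "Not Authenticated. " + PREFIX + "52e,vece",
    PREFIX + "775, v893",
    PREFIX + "52E, v893",   # upper-case hex digits decode to the same value
    "LDAP bind succeeded",  # no data value: skipped
    PREFIX + "569, v893",   # value outside the table: reported as UNKNOWN
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(decode_bind_error(line))
    print(summarize(SAMPLE))
```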

Additional Information

This has been incorporated into the documentation. Please visit docops.ca.com for your version for updated information.