LDAP error code 49 in Policy Server with Active Directory


Article ID: 54575


Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction


What does "LDAP: error code 49" mean when Microsoft Active Directory is used by the Policy Server as the User Directory?

Cause


The Policy Server reports Error 49 when the user credentials are invalid.

With Active Directory as the user store, error 49 may appear for multiple reasons.

In the Policy Server log, error 49 is followed by a data code, and this data code gives the exact reason for the unsuccessful authentication.

Take the following sample from the Policy Server smps.log:

  [SmDsLdapProvider.cpp:2323][ERROR] (AuthenticateUser) DN: 'CN=xxxxx,OU=People,OU=Dealers,OU=External Business Units, DC=example ,DC=com' . Status: Error 49 . 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893

In this example, "52e" means "invalid credentials".

Resolution


The Active Directory-specific error code is the value after "data" and before "vece" or "v893" in the error string in smps.log.

  • 525 - User not found
  • 52e - Invalid credentials
  • 530 - Not permitted to logon at this time
  • 531 - Not permitted to logon at this workstation
  • 532 - Password expired
  • 533 - Account disabled
  • 701 - Account expired
  • 773 - User must reset password
  • 775 - User account locked
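The lookup above can be automated when reviewing smps.log. The following Python sketch is an added example, not part of the original article or the product: it extracts the DN and the data code from Error 49 lines, maps the code using the table above, and counts failures per account. The function names and the sample lines are constructed for illustration, and the line layout is assumed to match the smps.log excerpt shown earlier.

```python
import re
from collections import Counter

# Sub-code meanings exactly as listed in this article.
AD_DATA_CODES = {
    "525": "User not found",
    "52e": "Invalid credentials",
    "530": "Not permitted to logon at this time",
    "531": "Not permitted to logon at this workstation",
    "532": "Password expired",
    "533": "Account disabled",
    "701": "Account expired",
    "773": "User must reset password",
    "775": "User account locked",
}

# The DN is single-quoted; the sub-code sits between "data" and "vece"/"v893".
LINE_RE = re.compile(
    r"DN:\s*'(?P<dn>[^']*)'.*?Status:\s*Error 49\b.*?"
    r"\bdata\s+(?P<code>[0-9a-fA-F]+)\s*,\s*v[0-9a-z]+"
)

def parse_error49(line):
    """Return (dn, code, meaning) for an Error 49 line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    code = m.group("code").lower()
    return m.group("dn"), code, AD_DATA_CODES.get(code, "not listed in this article")

def summarize(lines):
    """Count failures per (DN, code) so repeated failures on one account stand out."""
    hits = (parse_error49(line) for line in lines)
    return Counter((h[0], h[1]) for h in hits if h)

# Constructed sample lines, modeled on the smps.log excerpt in this article.
_FMT = ("[SmDsLdapProvider.cpp:2323][ERROR] (AuthenticateUser) DN: '{}' . Status: Error 49 . "
        "80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data {}, {}")
SAMPLE = [
    _FMT.format("CN=alice,DC=example,DC=com", "52e", "v893"),
    _FMT.format("CN=alice,DC=example,DC=com", "52e", "v893"),
    _FMT.format("CN=bob,DC=example,DC=com", "775", "vece"),
    "[INFO] constructed line unrelated to authentication",
]

if __name__ == "__main__":
    for (dn, code), n in summarize(SAMPLE).items():
        print(f"{n}x data {code} ({AD_DATA_CODES.get(code, 'unlisted')}): {dn}")
```

Codes that are not in the table are reported as not listed rather than guessed.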