'LDAP: error code 49' with Microsoft Active Directory


Article ID: 54575


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

What does LDAP: error code 49 mean with Microsoft Active Directory?

Environment

Release:
Component: SMPLC

Cause

The Policy Server reports Error 49 when the user credentials are invalid. With Active Directory as the user store, error 49 may appear for multiple reasons.

In the Policy Server log, error 49 is followed by a data code, and this data code gives the exact reason for the unsuccessful authentication.

For example, from smps.log:
[SmDsLdapProvider.cpp:2323][ERROR] (AuthenticateUser) DN: 'CN=xxxxx,OU=People,OU=Dealers,OU=External Business Units,
DC=a,DC=com' . Status: Error 49 . 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893

In this example, 52e means invalid credentials.

Resolution

The AD-specific error code is the value after "data" and before "vece" or "v893" in the actual error string in smps.log:

525 user not found
52e invalid credentials
530 not permitted to logon at this time
531 not permitted to logon at this workstation
532 password expired
533 account disabled
701 account expired
773 user must reset password
775 user account locked
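
The lookup above can be automated when triaging a large smps.log. The following is an added example, not code from the vendor or from the original article: it extracts the data code from each Error 49 entry and maps it to the reason in the table. The function names, the sample DNs and the sample log are constructed for illustration, and the script assumes entries follow the format of the excerpt shown earlier.

```python
import re
from collections import Counter

# Data codes and meanings exactly as listed in the article's table.
AD_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "user account locked",
}

# One Error 49 entry; the DN may wrap across lines as in the article's excerpt.
ERROR49_RE = re.compile(
    r"DN:\s*'(?P<dn>[^']*)'\s*\.\s*Status:\s*Error 49\s*\."
    r"[^\[]*?data\s+(?P<code>[0-9a-fA-F]+)\s*,\s*v[0-9a-z]+"
)

def parse_error49(log_text):
    """Return (dn, data_code, meaning) for every Error 49 entry in log_text."""
    results = []
    for m in ERROR49_RE.finditer(log_text):
        dn = re.sub(r"\s*\n\s*", "", m.group("dn"))  # undo line wrapping
        code = m.group("code").lower()
        meaning = AD_DATA_CODES.get(code, "unknown (not in the article's table)")
        results.append((dn, code, meaning))
    return results

def summarize(log_text):
    """Count failures per reason, e.g. to tell lockouts from bad passwords."""
    return Counter(meaning for _, _, meaning in parse_error49(log_text))

# Constructed sample input following the smps.log format shown in the article.
TEMPLATE = ("[SmDsLdapProvider.cpp:2323][ERROR] (AuthenticateUser) DN: '{dn}' . "
            "Status: Error 49 . 80090308: LdapErr: DSID-0C09030B, "
            "comment: AcceptSecurityContext error, data {code}, v893")
SAMPLE_LOG = "\n".join([
    TEMPLATE.format(dn="CN=user1,OU=People,\nDC=example,DC=com", code="52e"),
    TEMPLATE.format(dn="CN=user2,OU=People,DC=example,DC=com", code="775"),
    "[INFO] constructed unrelated line, must be ignored",
    TEMPLATE.format(dn="CN=user1,OU=People,DC=example,DC=com", code="52e"),
    TEMPLATE.format(dn="CN=user3,OU=People,DC=example,DC=com", code="fff"),  # not in table
])

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG).most_common())
```

A data code that is missing from the table is reported as unknown rather than guessed.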


Additional Information

For more details, please check the IBM website: http://www-1.ibm.com/support/docview.wss?rs=688&uid=swg21290631