'LDAP: error code 49' with Microsoft Active Directory
Article ID: 54575
Updated On:
Products
Issue/Introduction
What does LDAP: error code 49 mean with Microsoft Active Directory?
Environment
Component: SMPLC
Cause
The Policy Server reports Error 49 when the user credentials are invalid. With Active Directory as the user store, error 49 may appear for multiple reasons.
In the Policy Server log, error 49 is followed by a data code, and this data code gives the exact reason of unsuccessful authentication.
For e.g. from the smps.log:
[SmDsLdapProvider.cpp:2323][ERROR] (AuthenticateUser) DN: 'CN=xxxxx,OU=People,OU=Dealers,OU=External Business Units,
DC=a,DC=com' . Status: Error 49 . 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893
In this example: 52e means invalid credentials.
Resolution
The AD-specific error code is the one after "data" and before "vece" or "v893" in the actual error string in the smps log
| 525 | user not found |
| 52e | invalid credentials |
| 530 | not permitted to logon at this time |
| 531 | not permitted to logon at this workstation |
| 532 | password expired |
| 533 | account disabled |
| 701 | account expired |
| 773 | user must reset password |
| 775 | user account locked |
Additional Information
for more details, please check the IBM website : http://www-1.ibm.com/support/docview.wss?rs=688&uid=swg21290631
Feedback
