LDAP error 49 - unable to authenticate

Article ID: 89964


Products

CA Automic Workload Automation - Automation Engine
CA Automic One Automation

Issue/Introduction

Symptoms

LDAP over SSL is configured in Automic, but whenever "Synchronize" is clicked in AWI, a popup error is returned with "LDAP error code 49".

Logs

20150902/120629.189 - U00045033 Log on to LDAP server 'ABC1.DEE.AD.TEST.EXAMPLE.ORG:777' with user 'DEE.AD.TEST.EXAMPLE.ORG\TESTABC@TEST.EXAMPLE.ORG'. 
20150902/120629.404 - U00045035 Detected Microsoft LDAP Server.
20150902/120629.459 - U00045014 Exception 'javax.naming.AuthenticationException: "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580 
20150902/120629.460 - U00045040 LDAP check with logon user 'DEE.AD.TEST.EXAMPLE.ORG\TESTABC@TEST.EXAMPLE.ORG' failed. 

 

Another example:

20250410/114558.912 - 34     U00045033 Log on to LDAP server 'ldapserver_hostname:636' with user 'local.domain.country_code\username'.

20250410/114558.969 - 34     U00045014 Exception 'javax.naming.AuthenticationException: "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090510, comment: AcceptSecurityContext error, data 52e, v4563]"' at 'com.sun.jndi.ldap.LdapCtx.mapErrorCode():3259'.
20250410/114558.969 - 34     U00045040 LDAP check with logon user 'local.domain.country_code\username' failed.

Environment

Automation Engine 21.x and 24.x

Cause

In most cases the cause is incorrect credentials in the Login object used to connect to the LDAP server: either the domain\username format is not respected or the password is wrong.

Resolution

The error message in the log is: LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580

The Automation Engine just logs the message it receives from the LDAP server, which says 'error code 49'. According to the RFC specification for LDAP this means 'invalid credentials'.


- Verify that the username and password provided are correct.
- Verify that the username and domain name in the configuration are correct.

For example, if you are using a login object in the UC_LDAP_DOMAIN, please make sure that the format of the username respects the syntax:

Domain\Username or [email protected]

Example: example\username or [email protected]

In the log example above with 'local.domain.country_code\username', the solution is to set domain\username instead of local.domain.country_code\username as the Username value in the Login object.
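The following triage script is an added example, not code from this article or from the product. It pairs each U00045033 logon line with the U00045014 exception that follows, decodes the Active Directory "data" sub-code, and flags logon users that do not match the Domain\Username form. The sub-code table comes from Microsoft's documented Win32 logon error codes rather than from this article, and the username checks are heuristics based on the resolution above.

```python
import re

# "data XXX" is a hex Win32 logon error set by Active Directory (this table is
# an addition from Microsoft's documented error codes, not from the article).
AD_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon hours restriction", "531": "workstation restriction",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "password must change",
    "775": "account locked out",
}
LOGON = re.compile(r"U00045033 Log on to LDAP server '([^']+)' with user '([^']+)'")
ERROR = re.compile(r"U00045014 .*?LDAP: error code (\d+) .*?\bdata ([0-9a-fA-F]+)")

def username_findings(user):
    """Heuristic format checks against Domain\\Username as the article describes it."""
    findings = []
    domain, sep, name = user.partition("\\")
    if sep and "." in domain:
        findings.append("domain prefix is a DNS name, article's fix is the short domain")
    if sep and "@" in name:
        findings.append("backslash form and @ form are mixed")
    return findings

def triage(log_text):
    """Pair each U00045033 logon attempt with the U00045014 exception after it."""
    results, pending = [], None
    for line in log_text.splitlines():
        if m := LOGON.search(line):
            pending = {"server": m.group(1), "user": m.group(2)}
        elif (m := ERROR.search(line)) and pending:
            sub = m.group(2).lower()
            results.append({**pending, "ldap_code": int(m.group(1)), "subcode": sub,
                            "meaning": AD_SUBCODES.get(sub, "unknown"),
                            "findings": username_findings(pending["user"])})
            pending = None
    return results

# Log lines copied from the two examples in the article.
SAMPLE = r"""
20150902/120629.189 - U00045033 Log on to LDAP server 'ABC1.DEE.AD.TEST.EXAMPLE.ORG:777' with user 'DEE.AD.TEST.EXAMPLE.ORG\TESTABC@TEST.EXAMPLE.ORG'.
20150902/120629.459 - U00045014 Exception 'javax.naming.AuthenticationException: "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580
20250410/114558.912 - 34     U00045033 Log on to LDAP server 'ldapserver_hostname:636' with user 'local.domain.country_code\username'.
20250410/114558.969 - 34     U00045014 Exception 'javax.naming.AuthenticationException: "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090510, comment: AcceptSecurityContext error, data 52e, v4563]"' at 'com.sun.jndi.ldap.LdapCtx.mapErrorCode():3259'.
"""

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["server"], r["user"], r["ldap_code"], r["subcode"], r["meaning"], r["findings"])
```

A sub-code other than 52e (for example 775 or 533) points at account state on the directory side rather than at the Login object's username syntax.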