active-directoryldapldapconnection

LDAPException when trying to connect using userPrincipalName


We made a new enhancement to the client around LDAP, to enable login using userPrincipalName. He was earlier using sAMAccountName for login. When the user tried to test the application in his test environment, he is getting the following error for userPrincipalName:

netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0 |#]

Which I know is because of invalid credentials of LDAP. But, when he is logging using sAMAccountName he is able to login.

My web application logs shows that when he is login with userPrincipalName, it is found in the LDAP but when it tries to connect to LDAP with the username and password, then the above exception is thrown.

Whereas, he is able to successfully login using sAMAccountName.

The Dn's used as something like below:

OU=IS (Technical Staff),OU=PXXX,DC=pxxx,DC=local , and
OU=Users,OU=PXXX,DC=pxxx,DC=local

Any help to further debug the issue would be highly appreciated.

Please let me know in case you need further details.

Do I need to make any changes for it to work?


Solution

  • The issue is resolved now. The problem was that for sAMAccountName, you need to append the LDAP Domain for login when I am trying to login from my java application.

    Where as for userPrincipalName, if you append the LDAP Domain, the login fails.

    So, modified code such that for userPrincipalName, We are not appending the LDAP Domain, which resolved the issue.