LDAP error

Active Directory LDAP Errors

 

   Here is a list of Active Directory errors:
   525 - user not found
   52e - invalid credentials
   530 - not permitted to logon at this time
   532 - password expired
   533 - account disabled
   701 - account expired
   773 - user must reset password

LDAP: error code 49

 

Something I’ve copied from here: http://forum.java.sun.com/thread.jspa?messageID=4227692

Just to find it easily:

Common Active Directory LDAP bind errors:

• 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893

 HEX: 0×525 - user not found
 DEC: 1317 - ERROR_NO_SUCH_USER (The specified account does not exist.)
 NOTE: Returns when username is invalid.

• 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893

 HEX: 0×52e - invalid credentials
 DEC: 1326 - ERROR_LOGON_FAILURE (Logon failure: unknown user name or bad password.)
 NOTE: Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.

• 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 530, v893

 HEX: 0×530 - not permitted to logon at this time
 DEC: 1328 - ERROR_INVALID_LOGON_HOURS (Logon failure: account logon time restriction violation.)
 NOTE: Returns only when presented with valid username and password/credential.

• 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893

 HEX: 0×531 - not permitted to logon from this workstation
 DEC: 1329 - ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.)
 LDAP[userWorkstations: <multivalued list of workstation names>]
 NOTE: Returns only when presented with valid username and password/credential.

• 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 532, v893

 HEX: 0×532 - password expired
 DEC: 1330 - ERROR_PASSWORD_EXPIRED (Logon failure: the specified account password has expired.)
 LDAP[userAccountControl: <bitmask=0x00800000>] - PASSWORDEXPIRED
 NOTE: Returns only when presented with valid username and password/credential.

• 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 533, v893

 HEX: 0×533 - account disabled
 DEC: 1331 - ERROR_ACCOUNT_DISABLED (Logon failure: account currently disabled.)
 LDAP[userAccountControl: <bitmask=0x00000002>] - ACCOUNTDISABLE
 NOTE: Returns only when presented with valid username and password/credential.

• 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 701, v893

 HEX: 0×701 - account expired
 DEC: 1793 - ERROR_ACCOUNT_EXPIRED (The user’s account has expired.)
 LDAP[accountExpires: <value of -1, 0, or extemely large value indicates account will not expire>] - ACCOUNTEXPIRED
 NOTE: Returns only when presented with valid username and password/credential.

• 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 773, v893

 HEX: 0×773 - user must reset password
 DEC: 1907 - ERROR_PASSWORD_MUST_CHANGE (The user’s password must be changed before logging on the first time.)
 LDAP[pwdLastSet: <value of 0 indicates admin-required password change>] - MUST_CHANGE_PASSWD
 NOTE: Returns only when presented with valid username and password/credential.

• 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 775, v893

 HEX: 0×775 - account locked out
 DEC: 1909 - ERROR_ACCOUNT_LOCKED_OUT (The referenced account is currently locked out and may not be logged on to.)
 LDAP[userAccountControl: <bitmask=0x00000010>] - LOCKOUT
 NOTE: Returns even if invalid password is presented.

sometime user report that, they typed the correct password, but still fail to login. server log is "HEX: 0×532 - password expired", it is strange and need to investigate.