Develop Reference

Using cfldap to add users to the AD

I keep getting this error when trying to add users to the AD via cfldap:
An error has occured while trying to execute query :[LDAP: error code 16 - 00000057: LdapErr: DSID-0C0910DA, comment: Error in attribute conversion operation, data 0, v4563 ].
This is my code:
<CFLDAP
SERVER="<my server>"
USERNAME="<my account>"
PASSWORD="<my password>"
ACTION="ADD"
ATTRIBUTES="Name=t.test123abc;
SamAccountName=t.test123abc;
UserPrincipalName=t.test123abc#test.edu;
Email=t.test123abc#test.edu;
DisplayName=Test Test123abc;
Path=""OU=DomainUsers, DC=test, DC=edu"";
Enabled=true;
GivenName=Test;
Surname=Test123abc;
EmployeeNumber=123;
Description=03-25-2021;"
DN="CN=t.test123abc,OU=DomainUsers,DC=test,DC=edu"
>
What is it complaining about? What is making it so unhappy?

: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1 ]

I am getting the following error in the logs. Though we are supplying the correct user name and password to login to the website. The LDAP is giving this error.
: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1 ]
Any suggestions would be really appreciable.
The login was working fine previously. We are suddenly facing this issue. And getting the above mentioned error.

data 773 means you need to reset the password
Please check this article for further knowledge :
http://www-01.ibm.com/support/docview.wss?uid=swg21290631

This link is helpful :)
http://ldapwiki.willeke.com/wiki/Common%20Active%20Directory%20Bind%20Errors
Your problem is due to:
'Password Expiration: Entry's password must be changed before logging on LDAP pwdLastSet: value of 0 indicates admin-required password change - MUST_CHANGE_PASSWD'

ATG catalog export error in startSQLRepository

I want to export the catalog data from atg production. I followed the steps as below.
create FakeXADatasource.properties file in C:\ATG\ATG10.1.1\home\localconfig\atg\dynamo\service\jdbc. (There is mysql user named atguser with password atg123$)
$class=atg.service.jdbc.FakeXADataSource
URL=jdbc:mysql://localhost:3306/prod_lo
user=atguser
password=atg123$
driver=com.mysql.jdbc.Driver
change JTDataSource.properties as below.
$class=atg.service.jdbc.MonitoredDataSource
dataSource=/atg/dynamo/service/jdbc/FakeXADataSource
transactionManager=/atg/dynamo/transaction/TransactionManager
loggingSQLInfo=false
min=10
maxFree=-1
loggingSQLError=false
blocking=true
loggingSQLWarning=false
max=10
loggingSQLDebug=false
then run the "
startSQLRepository.bat -m Store.Storefront -export all
catalogExport.xml -repository /atg/commerce/catalog/ProductCatalog"
command.
but while it processing it gives below error. Anyone know the reason or how to do a complete catalog export? (I have remove the last part of the error log because it exceeds the maximum length of 30000 characters. )
./startSQLRepository -m Store.Storefront -export all catalogExport.xml -repository /atg/commerce/catalog/ProductCatalog
Error:
Error /atg/dynamo/service/jdbc/JTDataSource an exception was
encountered while trying to populate the pool with the starting number
of resources: atg.service.resourcepool.ResourcePoolException:
java.sql.SQLException: Access denied for user 'root'#'localhost'
(using password: NO)
Error /atg/dynamo/service/jdbc/JTDataSource The connection pool failed to initialize propertly, i.e. the starting number of
connections could not be created; check your database accessibility
and JDBC driver configuration
Error /atg/dynamo/service/IdGenerator CONTAINER:atg.service.idgen.IdGeneratorException;
SOURCE:CONTAINER:atg.service.idgen.IdGeneratorException;
SOURCE:java.sql.SQLException:
atg.service.resourcepool.ResourcePoolException: java.sql.SQLException:
Access denied for user 'root'#'localhost' (using password: NO)
Error /atg/dynamo/service/IdGenerator at atg.service.idgen.PersistentIdGenerator.initialize(PersistentIdGenerator.java:389)
Error /atg/dynamo/service/IdGenerator at atg.service.idgen.AbstractSequentialIdGenerator.doStartService(AbstractSequentialIdGenerator.java:643)

try setting max and min poolsizes to 1 and 5
Also make sure your DB is up and running and can be connected to
-DC21

the configuration you are given the startSQLRepository is not taking is at runtime because it is still saying using password no and second error is with you connection pool. my suggestion is for you that try to change only to FakeXADatasource.properties file with username and password. I tried with the same configuration and able to export.

Error 533 in Active Directory LDAP

I am trying to configure Active Directory (AD LDS) for use with my application. I am using ForeignJNDIProvider in Weblogic app server to configure the settings for AD. From my Java based application, I do a lookup on InitialContext as shown below:
InitialContext iCtx = new InitialContext();
DirContext dir = (DirContext) iCtx.lookup(<JNDI name>);
The second code line above fails with the following error:
javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 533, v1db1 ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at weblogic.jndi.internal.ForeignOpaqueReference.getReferent(ForeignOpaqueReference.java:70)
at weblogic.jndi.internal.WLNamingManager.getObjectInstance(WLNamingManager.java:96)
at weblogic.jndi.internal.ServerNamingNode.resolveObject(ServerNamingNode.java:377)
at weblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:856)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:209)
at weblogic.jndi.internal.WLEventContextImpl.lookup(WLEventContextImpl.java:254)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:411)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
I tried looking up what error 533 in AD meant. The only answer I got was that it meant "Account Disabled". I am not sure this is the case. How can I fix this?

Got it...solved the problem by changing the value for attribute msDS-UserAccountDisabled to false. AD accounts when created are disabled by default.
Resource: http://technet.microsoft.com/en-us/library/cc725934

For me, the error was in the attribute "userAccountControl". I had to change it from 546 (ACCOUNTDISABLE | PASSWD_NOTREQD | NORMAL_ACCOUNT) to 512 (NORMAL_ACCOUNT). Also see: http://support.microsoft.com/kb/305144/de

CAS AD LDAP 32 error

I am seeing this when I try to login with CAS which is authenticating against AD over LDAP.
SEVERE: Servlet.service() for servlet cas threw exception
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:
''
]; remaining name '/'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3092)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
at org.springframework.ldap.core.LdapTemplate$3.executeSearch(LdapTemplate.java:231)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:588)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:546)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:401)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:421)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:441)
Up to that point I was authenticated by the BindLdapAuthenticationHandler, resolved, it generated a query builder and then threw this.
I think it is failing when it is trying to get attributes back. Why is the remaining name '/'?

Remaining name is a part of a DN that wasn't actually found at a certain level of a DIT. For example when you search cn=johns,ou=marketing,dc=example,dc=com and ou=marketing,dc=example,dc=com exists but cn=johns does not exists inside of ou=marketing then the remaning name would be cn=johns.
'/' does not look like a valid RDN. I would recommend to verify what you pass as a search base. Most likely it's an invalid DN string.

LDAP error code 32 means "no such object", in this case, perhaps the base object of the search did not exist.