我想为我的应用程序中使用配置Active Directory(AD LDS)。我在Weblogic应用服务器中使用ForeignJNDIProvider来配置AD的设置。从我的基于Java的应用程序,我做的InitialContext查找如下图所示:错误533在Active Directory LDAP
InitialContext iCtx = new InitialContext();
DirContext dir = (DirContext) iCtx.lookup(<JNDI name>);
上面的第二个代码行失败,出现以下错误:
javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 533, v1db1 ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at weblogic.jndi.internal.ForeignOpaqueReference.getReferent(ForeignOpaqueReference.java:70)
at weblogic.jndi.internal.WLNamingManager.getObjectInstance(WLNamingManager.java:96)
at weblogic.jndi.internal.ServerNamingNode.resolveObject(ServerNamingNode.java:377)
at weblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:856)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:209)
at weblogic.jndi.internal.WLEventContextImpl.lookup(WLEventContextImpl.java:254)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:411)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
我试图寻找了什么样的错误533 AD意思。我得到的唯一答案是,它意味着“帐户禁用”。我不确定情况如何。我怎样才能解决这个问题?
我刚刚查找了错误代码49(来自堆栈跟踪)并在此处找到链接:http://forums.devshed.com/ldap-programming-76/javax-naming-authenticationexception-ldap-错误码49-80090308 - ldaperr-DSID - 121363.html。 我建议测试LDAP相关的查询,连接等在Apache的目录工作室(我用它积极地):http://directory.apache.org/studio/ – Blaskovicz
嗨,Apache的目录工作室看起来真的很酷,但它并不显示我的DN下为AD LDS(我可以看到使用ADSI编辑)的目录条目。任何想法? –