directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <>
Subject Re: Using LDAPConnection class...
Date Mon, 06 Sep 2010 13:37:51 GMT
On Mon, Sep 6, 2010 at 6:51 PM, Arvind N <> wrote:
> Hi,
>   Just downloaded the ldap client api version 0.1 and wrote sample program to
> connect to a Active Directory seem to hit a weird problem.
> The tutorial does not provide much info so thought of checking in the list.
> Do let me know if I have got the wrong list.
> The piece that is failing is
>                        LdapConnection connection = new LdapConnection(svrIP,
new Integer(svrPort));
>                        BindRequest request = new BindRequest();
>                        request.setCredentials(password);
>                        request.setName("cn=Arvind N");
>                        BindResponse resp = connection.bind(request);
>                        LdapResult result = resp.getLdapResult();
>                        System.out.println("the error message is " + result.getErrorMessage());
> For this I always get an error message
> ** the error message is 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece **
> Googled quite a bit to not avail and to dig deeper hit ethereal.
> Noticed that in the LDAP protocol extract, the bind request had something like this
> ....
> DN: cn=Arvind N
> ..
> To cross verify if I had done anything wrong...
> I downloaded a java based LDAP browser JXplorer and provided the same input of
> User DN of "Arvind N" and the same credentials and it logged in just fine
> In this login ethereal trace noticed the below difference... and this seems to work always...
> ....
> DN: Arvind N
> .....
> Other then the above difference I did not notice any other difference in the LDAP packet
> between JXplorer(Which logged in just fine) and Apache LDAP Client API( failed to login)....
> Do let me know how can I make Apache LDAP client API to send DN: as plain DN: Arvind
> which I think should make the thing work just fine...
client-api requires the user name in the form of a DN so 'Arvind N'
cannot be used as it is not a valid DN. JXplorer must be doing some
behind the scenes work to make it work with AD.

Kiran Ayyagari

View raw message