directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <>
Subject Re: Using LDAPConnection class...
Date Mon, 06 Sep 2010 14:02:56 GMT
On Mon, Sep 6, 2010 at 3:37 PM, Kiran Ayyagari <> wrote:
> On Mon, Sep 6, 2010 at 6:51 PM, Arvind N <> wrote:
>> For this I always get an error message
>> ** the error message is 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece **
>> Googled quite a bit to not avail and to dig deeper hit ethereal.
>> Noticed that in the LDAP protocol extract, the bind request had something like this
>> ....
>> DN: cn=Arvind N
>> ..
>> To cross verify if I had done anything wrong...
>> I downloaded a java based LDAP browser JXplorer and provided the same input of
>> User DN of "Arvind N" and the same credentials and it logged in just fine
>> In this login ethereal trace noticed the below difference... and this seems to work
>> ....
>> DN: Arvind N
>> .....
>> Other then the above difference I did not notice any other difference in the LDAP
>> between JXplorer(Which logged in just fine) and Apache LDAP Client API( failed to
>> Do let me know how can I make Apache LDAP client API to send DN: as plain DN: Arvind
>> which I think should make the thing work just fine...
> client-api requires the user name in the form of a DN so 'Arvind N'
> cannot be used as it is not a valid DN. JXplorer must be doing some
> behind the scenes work to make it work with AD.

AD accepts either
- the full DN, that looks typically like "cn=Arvind
- or the samAccountName and the domain in format "Arvind N@DOMAIN"

Could you try to use the full DN of your user?

@Emmanuel, Kiran:
JXplorer makes the same as Apache Directory Studio: It uses JNDI and
JNDI accepts a non-DN as principal. I think we should allow the same
for the new API. WDYT?

Kind Regards,

View raw message