directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: Force password change on next login with Active Directory
Date Wed, 19 May 2021 11:45:48 GMT
Hi,

On 18/05/2021 11:03, 4 Integration wrote:
> Hi again,
> 
> I have had a discussion with our vendor but they have difficulties to
> determine the underlying root cause more than error 49
> (INVALID_CREDENTIALS). I made a simple Java application to test this and
> cannot find anything more when debugging the PasswordException.
> Do you have any guidance what to look for?

Error 49 is what the server sends you. It get encapsulated into a 
PasswordException, but teh essence of the error is that:
- either your user does not exist, or you have a typo in it
- or the password is inccorect
- or it has expired
- or some password policy rules out the password for some reason (and 
this is very server specific)

Now, the logs provide more information. Typically :

Message ID : 21
     BindResponse
         Ldap Result
             Result code : (INVALID_CREDENTIALS) invalidCredentials
             Matched Dn : ''
             Diagnostic message : '80090308: LdapErr: DSID-0C090453,
comment: AcceptSecurityContext error, data 773, v3839'
)


and if you google that, you get :

data 773 : 	user must reset password



-- 
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecharny@busit.com https://www.busit.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: api-unsubscribe@directory.apache.org
For additional commands, e-mail: api-help@directory.apache.org


Mime
View raw message