On Mon, Sep 6, 2010 at 3:37 PM, Kiran Ayyagari <[email protected]> wrote:
> On Mon, Sep 6, 2010 at 6:51 PM, Arvind N <[email protected]> wrote:
>> For this I always get an error message
>> ** the error message is 80090308: LdapErr: DSID-0C090334, comment:
>> AcceptSecurityContext error, data 525, vece **
>> Googled quite a bit to no avail and to dig deeper hit ethereal.
>> Noticed that in the LDAP protocol extract, the bind request had something
>> like this
>> ....
>> DN: cn=Arvind N
>> ..
>>
>> To cross verify if I had done anything wrong...
>>
>> I downloaded a Java-based LDAP browser, JXplorer, and provided the same input
>> of
>> User DN of "Arvind N" and the same credentials and it logged in just fine.
>> In this login ethereal trace noticed the below difference... and this seems
>> to work always...
>>
>> ....
>> DN: Arvind N
>> .....
>>
>>
>> Other than the above difference I did not notice any other difference in the
>> LDAP packet
>> between JXplorer (which logged in just fine) and Apache LDAP Client API
>> (failed to login)....
>> Do let me know how I can make Apache LDAP client API send DN: as plain
>> DN: Arvind N,
>> which I think should make the thing work just fine...
> client-api requires the user name in the form of a DN so 'Arvind N'
> cannot be used as it is not a valid DN. JXplorer must be doing some
> behind the scenes work to make it work with AD.

AD accepts either
- the full DN, which typically looks like "cn=Arvind N,cn=Users,dc=MyDomain,dc=com"
- or the samAccountName and the domain in the format "Arvind n...@domain"

@Arvind: Could you try to use the full DN of your user?

@Emmanuel, Kiran: JXplorer does the same as Apache Directory Studio: It
uses JNDI and JNDI accepts a non-DN as principal. I think we should
allow the same for the new API. WDYT?

Kind Regards,
Stefan
