LDAP authentication error: LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece

    Question

  • Dear All,

    We are developing LDAP authentication against Active Directory, and we met the following error, although the username and password are correct.

    LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece

    The user detail is: CN=Peter\, Lia\ ,OU=DEV,OU=HK_U,OU=cita,OU=US,DC=achtest,DC=local

    As you may have seen, the last name of this user has a backslash, plus a space in the CN. We guess it may be the problem, since other users don't have this problem if their last names don't have a backslash and a space.

    However, we don't know how we can add a new user to duplicate this issue, since there is no way to add a new user with a space at the end of the name; Active Directory will automatically trim the space when the system saves the new user to the database.

    My questions are:

    1. Do you have this kind of experience? Any idea to resolve?

    2. How can we add a new user with a space at the end of the last name, so that we can replicate this issue again?

    Thanks in advance!

    Bright.

    Monday, June 01, 2009 5:21 PM
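
Added example (not part of the original post and not the poster's code): under RFC 4514, `\,` and `\ ` in the DN string above are escape sequences for a comma and a trailing space inside the CN value. The Python sketch below round-trips the posted DN; the function names are illustrative.

```python
from string import hexdigits

SPECIALS = '"+,;<>\\'  # always escaped inside an RFC 4514 attribute value

def escape_rdn_value(value):
    """Escape a raw attribute value for use inside a DN string."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in SPECIALS or edge_space or (ch == "#" and i == 0):
            ch = "\\" + ch
        out.append("\\00" if ch == "\0" else ch)
    return "".join(out)

def unescape_rdn_value(text):
    """Reverse escape_rdn_value; also accepts \\XX hex-pair escapes."""
    raw, i = bytearray(), 0
    while i < len(text):
        pair = text[i + 1:i + 3]
        if text[i] == "\\" and len(pair) == 2 and all(c in hexdigits for c in pair):
            raw.append(int(pair, 16))
            i += 3
        elif text[i] == "\\" and i + 1 < len(text):
            raw += text[i + 1].encode("utf-8")
            i += 2
        else:
            raw += text[i].encode("utf-8")
            i += 1
    return raw.decode("utf-8")

def split_dn(dn):
    """Split a DN into RDN strings on commas that are not escaped."""
    parts, start, i = [], 0, 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 1  # also step over the escaped character
        elif dn[i] == ",":
            parts.append(dn[start:i])
            start = i + 1
        i += 1
    parts.append(dn[start:])
    return parts

# DN exactly as posted in the question above
POSTED_DN = r"CN=Peter\, Lia\ ,OU=DEV,OU=HK_U,OU=cita,OU=US,DC=achtest,DC=local"

def first_rdn_value(dn):
    """Raw (unescaped) value of the leftmost RDN."""
    return unescape_rdn_value(split_dn(dn)[0].split("=", 1)[1])
```

When such a DN is embedded in a string literal of a language where the backslash is itself an escape character, each backslash has to be doubled or a raw string used, as `POSTED_DN` does.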

Answers

  • Bright,
    refer to my answer to your other post regarding this issue. This might help you with resolution.
    If not, can you post the code you are using that throws this error?

    hth
    Marcin
    Monday, June 01, 2009 5:56 PM

All replies

  • Maybe Bright isn't the only person requiring the answer and you could have posted it here just as easily as typing your reply
    Thursday, February 18, 2010 10:40 AM
  • Yeah, thanks for not sharing!
    Tuesday, August 10, 2010 3:33 PM
  • Any chance of a link to the answer?
    Tuesday, July 05, 2011 9:40 AM
  • The error code 52e indicates invalid credentials. Check the list below as reference regarding all error codes.

    525 user not found
    52e invalid credentials
    530 not permitted to logon at this time
    531 not permitted to logon at this workstation
    532 password expired
    533 account disabled
    701 account expired
    773 user must reset password
    775 user account locked
    • Proposed as answer by Iain Price Tuesday, April 14, 2015 12:58 PM
    Wednesday, May 23, 2012 1:02 PM
    • Edited by mbrownnyc Friday, July 20, 2012 5:59 PM
    Friday, July 20, 2012 5:59 PM
  • Hello Everyone,

    An LDAP authentication error as below is found when a bind using the user credentials is passed. The account is in active state. I could not find an error code "534". Could anyone suggest the possible cause here?

    LDAP: error code 49

    - 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 534, v1db1

    Thanks

    Shaz


    Shajeer.K Windows Infrastructure

    Tuesday, February 18, 2014 6:48 AM
  • What is the solution for 525?

    It is giving an error even though the user exists.

    Tuesday, April 29, 2014 9:14 AM
  • Needs downvote option to remove unhelpful response from MVP for, as everyone else spotted, the fact that Google will bring people here for YEARS to come. Sure, I'll go read that "other thread" you don't even link. Thanks.

    Helpfulness > self-righteousness :P


    • Edited by Iain Price Tuesday, April 14, 2015 12:46 PM
    Tuesday, April 14, 2015 12:46 PM
  • Google brought me here, too ;) Yay.
    Wednesday, April 29, 2015 6:30 PM
  • You could report as abuse -> "Off topic/irrelevant posts"

    I did :)


    Greetings/Grüße, Martin

    Want to read a good book about GPOs?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:

    Thursday, April 30, 2015 9:59 AM
  • 534 - The user has not been granted the requested logon type at this machine

    Source here... http://www-01.ibm.com/support/docview.wss?uid=swg21290631

    Ron

    Thursday, May 14, 2015 8:40 PM
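
Added example (not code from any poster in this thread): a Python parser for the `AcceptSecurityContext` bind failure text that pulls out the `data` sub-code and pairs it with the descriptions given in the replies above, including 534. The `triage` helper and the wording of the generic reply are assumptions; the point is that the detailed reason goes to the server log while the caller always gets the same answer.

```python
import re

# Sub-codes and descriptions as listed in this thread (the "data" field is hex).
SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "534": "user has not been granted the requested logon type at this machine",
    "701": "account expired",
    "773": "user must reset password",
    "775": "user account locked",
}

BIND_ERROR = re.compile(
    r"error code (?P<result>\d+)\s*-\s*(?P<status>[0-9A-Fa-f]{8}):\s*LdapErr:\s*"
    r"(?P<dsid>DSID-[0-9A-Fa-f]+),\s*comment:\s*(?P<comment>[^,]+),\s*"
    r"data\s+(?P<data>[0-9A-Fa-f]+)"
)

# One reply for every failure: telling 525 apart from 52e reveals which accounts exist.
GENERIC_REPLY = "Invalid username or password."  # assumed wording

def parse_bind_error(message):
    """Extract the fields of an AD bind failure; None if the text does not match."""
    match = BIND_ERROR.search(" ".join(message.split()))  # rejoin wrapped lines
    if match is None:
        return None
    fields = match.groupdict()
    fields["data"] = fields["data"].lower()
    fields["reason"] = SUBCODES.get(fields["data"], "unlisted sub-code")
    return fields

def triage(message):
    """Return (detail for the server log, reply that is safe to show the caller)."""
    fields = parse_bind_error(message)
    if fields is None:
        return ("unparsed bind failure: " + message.strip(), GENERIC_REPLY)
    detail = "bind failed: {reason} (data {data}, {dsid})".format(**fields)
    return (detail, GENERIC_REPLY)

# The two messages quoted in this thread; the second is stored with a line break.
MSG_52E = ("LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, "
           "comment: AcceptSecurityContext error, data 52e, vece")
MSG_534 = ("LDAP: error code 49\n\n- 8009030C: LdapErr: DSID-0C0903A9, "
           "comment: AcceptSecurityContext error, data 534, v1db1")
```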
  • Try using the User Principal Name (UPN)... The UPN equates to your user's login name and a UPN suffix (usually domain name). These parts are separated by the "@" symbol.

    Ron

     
    Thursday, May 14, 2015 8:45 PM
  • With regards to the 52e error, oddly enough our app will accept the Full Name when in the form of CN=<username> instead of the actual username.  For example, if you had a user whose full name is Bob Smith (sorry if there is a real Bob Smith reading this) and their login username is bsmith--you would normally put something like, cn=bsmith,ou=it,ou=dallas,dc=domain,dc=com but ours failed every time.  By changing this to cn=Bob Smith,ou=it,ou=dallas,dc=domain,dc=com it passed!!  Hopefully this helps even though kind of counterintuitive.
    Wednesday, May 20, 2015 3:19 PM