Posted to api@directory.apache.org by Jayant Pandit <jp...@fileandbox.com> on 2015/10/20 23:32:18 UTC

Ldap Bind gives AccessSecurityContext error, data 20ee

Hello,

I am just starting on an app to read the users list from LDAP. I am trying the LDAP API for this. The domain controller is running Windows 2012 R2 server. I could do it in .NET but I prefer to do it in Java as the final product will be a web-app. I am trying just a simple bind and it keeps giving this exception. The statement giving the exception is very simple -

conn.bind("....user dn....","..password..");

The user DN is correct. I found it from the dsquery for the user. If I run it on a computer outside the domain, not even connected, I get events 2536 and 2537 on the LDAP service at times. I have been trying various things like changing service users etc. so I couldn't keep track of exactly when I get 2536 and when 2537. If I run the program on the domain controller itself I get the same error but no offending events. Rather confusing. There are no other objectionable events in the service event log.

Anonymous bind works (connection.bind()) but then the query does not work at all. It returns nothing.

Hope someone has seen this problem before and/or either way can give me some help.

Thanks,
-Jayant Pandit.


Re: Ldap Bind gives AccessSecurityContext error, data 20ee

Posted by Emmanuel Lécharny <el...@gmail.com>.
On 22/10/15 19:10, Jayant Pandit wrote:
> Hello Emmanuel,
>
> Thank you for replying. The events 2536 and 2537 are basically what I am referring to as the errors on the domain controller. I see these on the event log. I have an update which may help.

They most certainly are some explicit Microsoft error messages. Kind of
(irony ;-)

> I checked on Google and there were many recommendations regarding granting the service user specific rights for creating and deleting children on the parent DN mentioned in the event detail. I did that but it did not help. Then I changed the service user from Network Service to another user specifically created with the said rights. Now it is working. I say this may help because during the time I also did a lot of other things as part of my ADFS setup. I can't be certain if one of those changes fixed this problem too.
>
> I now seem to have a choice between using Java and .NET to work. I am looking forward to working with LDAP API.

Good to know it's working for you. Have fun with the API!


RE: Ldap Bind gives AccessSecurityContext error, data 20ee

Posted by Jayant Pandit <jp...@fileandbox.com>.
Hello Emmanuel,

Thank you for replying. The events 2536 and 2537 are basically what I am referring to as the errors on the domain controller. I see these on the event log. I have an update which may help.

I checked on Google and there were many recommendations regarding granting the service user specific rights for creating and deleting children on the parent DN mentioned in the event detail. I did that but it did not help. Then I changed the service user from Network Service to another user specifically created with the said rights. Now it is working. I say this may help because during the time I also did a lot of other things as part of my ADFS setup. I can't be certain if one of those changes fixed this problem too.

I now seem to have a choice between using Java and .NET to work. I am looking forward to working with LDAP API.

Regards,
-Jayant.



Re: Ldap Bind gives AccessSecurityContext error, data 20ee

Posted by Emmanuel Lécharny <el...@gmail.com>.
On 20/10/15 23:32, Jayant Pandit wrote:
> Hello,
>
> I am just starting on an app to read the users list from LDAP. I am trying the LDAP API for this. The domain controller is running Windows 2012 R2 server. I could do it in .NET but I prefer to do it in Java as the final product will be a web-app. I am trying just a simple bind and it keeps giving this exception. The statement giving the exception is very simple -
>
> conn.bind("....user dn....","..password..");
>
> The user DN is correct. I found it from the dsquery for the user. If I run it on a computer outside the domain, not even connected, I get events 2536 and 2537 on the LDAP service at times. I have been trying various things like changing service users etc. so I couldn't keep track of exactly when I get 2536 and when 2537. If I run the program on the domain controller itself I get the same error but no offending events. Rather confusing. There are no other objectionable events in the service event log.

Can you try using Directory Studio to bind using this user and creds, to
see what's wrong?

Otherwise, I have no idea what those 2536/2537 events can be. If you
have more information about what they mean, that would be appreciated.
Same for the errors you get on the domain controller: what are they?