Weird LDAP error

Question

See stacktrace below

Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1 ] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3099) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3045) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2847) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2761) at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:328)

Cant seem to find the exact error description based on the LdapErr code (DSID-0C0903A8) and the other details. Weird thing is, this happens intermittently. It gets fixed when application server connecting to ldap is restarted. We are using Websphere Application server 8.5

Can anyone suggest the cause for this error?

Answer 1

This error will occur when invalid credentials (data 52e) are presented. The trivial reason is a mistyped password or username.

A more sophisticated reason can be an unknown user or outdated password due to replication issues. This can happen if an administrator creates (or modifies) the user account on DC-1 and Websphere tries to bind that user to DC-42 before the user account was replicated to that DC. Depending on network topology and latency settings you may have a lot of time (between seconds and hours) to play that game.

You may want to make sure Websphere connects to the PDC-Emulator, so at least the current passwords are known as fast as can be.