Hamza Khattabi

Reputation: 674

Spring Boot LDAP - Error code 80 when trying to auth users

I am trying to auth users through a secured AD LDS server from a Spring Boot application, and I have been facing an issue for 2 weeks now; no solution I found on the internet worked for me.

First I had an error that said I need to bind the authentication before a successful operation. I added the right properties to the context source, but now I am getting error code 80, which gives me no clues about the error.

Here is my code:

Application.yml

spring:
  ldap:
    url: ldaps://<hostname>:636
    base: DC=<dc>,DC=<dc>
    username: CN=<cn>,OU=Privileged,OU=<ou>,OU=<ou>,OU=<ou>,DC=<dc>,DC=<dc>
    password: <secret>
    base-environment:
      com.sun.jndi.ldap.connect.timeout: 500
management:
  health:
    ldap:
      enabled: false

Configuration.java

@Bean
@DependsOn("frameworkInstance")
public LdapContextSource contextSource() {
    LdapContextSource contextSource = new LdapContextSource();
    contextSource.setUrl("ldaps://<hostname>:636");
    contextSource.setBase("<base>");
    contextSource.setUserDn("CN=<cn>,OU=<ou>,OU=<ou>,OU=<ou>,OU=<ou>,DC=<dc>,DC=<dc>");
    contextSource.setPassword("<secret>");
    contextSource.afterPropertiesSet();
    return contextSource;
}

@Bean
@DependsOn("frameworkInstance")
public LdapTemplate ldapTemplate() {
    return new LdapTemplate(contextSource());
}

My auth process:

Filter filter = new EqualsFilter("cn", "<cn>");
ldapTemplate.authenticate(LdapUtils.emptyLdapName(), filter.encode(), "<secret>");

The error code is:

Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 80 - 80090304: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 20ee, v3839\u0000]

I tried everything for a couple of days but nothing ... The account used for the "bind" and for the authentication is the same, to ensure that the auth will be successful. Keep in mind that the words between chevrons are hidden because of the production environment; I am not allowed to display credentials, etc.

Do you please have any clues to resolve this issue? It's very critical.

Best regards,

Upvotes: 0

Views: 4123

Answers (1)

Gabriel Luci

Reputation: 40928

In the error message, the data 20ee indicates the Windows System Error Code. According to the Microsoft documentation, that is:

ERROR_DS_INTERNAL_FAILURE

8430 (0x20EE)

The directory service encountered an internal failure.

I don't think that indicates any problem with your code. It sounds more like a problem with your Active Directory environment.

Have you tried connecting via regular LDAP rather than LDAPS? (ldap://<hostname>). If that works, then it would indicate a problem with the LDAPS configuration.

As a side note, if you indicate ldaps:// in the path, you don't need to include :636, since that is the default LDAPS port.

Upvotes: 0
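The answer's point is that the useful part of an Active Directory bind failure is the "data XXXX" field inside the AcceptSecurityContext comment, not the outer LDAP result code. The following decoder is an added example, not code from the question or the answer, and not part of Spring LDAP; it uses only the JDK. It extracts the LDAP result code and the hex data field from the exception text, maps the well-known AD data values (525, 52e, 530, 531, 532, 533, 701, 773, 775, plus the 20ee from this thread) to their meaning, and flags whether the failure is a credential/account-state problem the caller can act on (LDAP result 49) or, as here with result 80, something to raise with the directory administrators. The sample message in main() is constructed in the shape the question shows.

```java
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Decodes the "data XXXX" field of an Active Directory AcceptSecurityContext bind error. */
public final class AdBindErrorDecoder {

    // Well-known values AD reports in the "data" field of a failed simple bind (hex, lower case).
    private static final Map<String, String> KNOWN_DATA_CODES = Map.of(
        "525", "user not found",
        "52e", "invalid credentials (wrong password or wrong bind DN)",
        "530", "not permitted to log on at this time",
        "531", "not permitted to log on from this workstation",
        "532", "password expired",
        "533", "account disabled",
        "701", "account expired",
        "773", "user must reset password",
        "775", "account locked out",
        "20ee", "ERROR_DS_INTERNAL_FAILURE (8430): the directory service encountered an internal failure"
    );

    private static final Pattern DATA_FIELD = Pattern.compile("\\bdata\\s+([0-9a-fA-F]+)");
    private static final Pattern LDAP_CODE = Pattern.compile("LDAP: error code (\\d+)");

    /** Result of decoding one exception message. */
    public record Diagnosis(int ldapResultCode, String dataHex, String meaning, boolean clientSideFixable) {}

    /** Returns empty when the message carries no AD "data" field (i.e. it is not an AD bind error). */
    public static Optional<Diagnosis> decode(String exceptionMessage) {
        Matcher data = DATA_FIELD.matcher(exceptionMessage);
        if (!data.find()) {
            return Optional.empty();
        }
        String hex = data.group(1).toLowerCase();

        Matcher code = LDAP_CODE.matcher(exceptionMessage);
        int ldapCode = code.find() ? Integer.parseInt(code.group(1)) : -1;

        String meaning = KNOWN_DATA_CODES.getOrDefault(hex,
            "unknown data code 0x" + hex + " (decimal " + Long.parseLong(hex, 16) + ")");

        // Credential and account-state codes arrive with LDAP result 49 (invalidCredentials) and are
        // actionable by the caller or the account owner. Result 80 (other) with 20ee, as in the
        // question, is reported by the server about itself and is not fixable in application code.
        boolean clientSide = ldapCode == 49;

        return Optional.of(new Diagnosis(ldapCode, hex, meaning, clientSide));
    }

    public static void main(String[] args) {
        // Constructed sample in the shape Spring LDAP / JNDI produces for an AD bind failure.
        String sample = "Uncategorized exception occured during LDAP processing; nested exception is "
            + "javax.naming.NamingException: [LDAP: error code 80 - 80090304: LdapErr: DSID-0C090447, "
            + "comment: AcceptSecurityContext error, data 20ee, v3839\0]";
        decode(sample).ifPresent(System.out::println);

        // Constructed sample of the most common case, a wrong password, for comparison.
        String wrongPassword = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, "
            + "comment: AcceptSecurityContext error, data 52e, v3839\0]";
        decode(wrongPassword).ifPresent(System.out::println);
    }
}
```

Running this on the exception from the question yields a Diagnosis with ldapResultCode 80, dataHex "20ee", the ERROR_DS_INTERNAL_FAILURE meaning and clientSideFixable false, which is the same conclusion the answer draws by hand: the client code and credentials are not the first place to look. Hooking the decoder into the application's exception handling turns an opaque "error code 80" log line into a message an operator can triage, and the result-49 cases (52e, 773, 775 and so on) are the ones worth surfacing to the user without leaking the raw directory error string.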
