Problem

When using the Active Directory Driver with Novell Identity Manager, you may sometimes see an LDAP error 49 in your DSTrace. This means the account credentails could not log in correctly.

Solution

Here are the error codes you might see along with error 49, and their definitions:

  • 525 – user not found
  • 52e – invalid credentials
  • 530 – not permitted to logon at this time
  • 531 – workstation restriction
  • 532 – password expired
  • 533 – account disabled
  • 568 – too many contexts ids (too many group memberships)
  • 701 – account expired
  • 773 – user must reset password
  • 775 – user is intruder locked

It’s useful to know what to do next to resolve the problem. For a 525 error, you probably have the Bind DN wrong. Remember that in AD, the default Users container on a fresh install is an odd object class, whose naming attribute is actually cn=Users(,dc=acme,dc=com) instead of what you might be expecting (such as ou=Users,dc=acme,dc=com).

If you see a 52e, it means you sent the wrong password. And so on and so forth.

You will often see a “sub-error” code that may be quite informative.

1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this post.
Loading...Loading...

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

Leave a Comment

geoffc
By: geoffc
Jan 24, 2007
3:07 am
Reads:
1,809
Score:
5