Error connecting to Active Directory via LDAP using DIGEST-MD5 auth

Question

Error connecting to Active Directory via LDAP using DIGEST-MD5 auth

I have a problem connecting to Active Directory (Windows Server 2008 R2) via LDAP using the SASL DIGEST-MD5 authentication mechanism. I get the following error:

Authentication Error - [LDAP: Error Code 49 - 8009030C: LdapErr: DSID-0C0904DC, Comment: AcceptSecurityContext Error, Data 52e, v1db1]

The same error is reported by different clients. Basic authentication with the same credentials works fine.

I know that error 49 means "invalid credentials", but WHY?

+4

windows ldap sasl

Vsevolod Aug 29 '12 at 12:46

source share

1 answer

Terry gardner · Answer 1 · 2012-08-29T15:04:09+0000

Make sure the full qualified distinguished name is correct. Some servers report invalid credentials for the case when the distinguished name is not found in the directory. This is not bad, this is good because it does not indicate to the attacker that the distinguished name does not exist.

Error connecting to Active Directory via LDAP using DIGEST-MD5 auth

More articles: