Problem description
The architecture is as follows:
WAS 7.0, 4 servers on 3 LPARs (12 instances); BPM is running on them, and the appliance on this matter is Business Space.
For ID we have AD DS (2 branches): one, DC=principal.com, which is configured as the Global Catalog, and another one, DC=principal.com.offices.
WAS is pointing to DC=principal.com on the port 3268 (global catalog)
For less than 1% of the users we have the following error:
They try to log in but they can't, and they receive the message "Check your username and password", and in the logs we get the following message:
0000004c LTPAServerObj E
SECJ0369E: Authentication failed when using LTPA. The exception is
CWWIM4529E The password verification for the ' principal_name ' principal name failed 'e60083'. root cause: 'javax.naming.AuthenticationException:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v1db1]; Resolved object: 'com.sun.jndi.ldap.LdapCtx@519d519d''
A user was able to log in in the morning and has been getting the previously described error since the afternoon.
A user might be unable to log on from one computer and be able to do it from another one (on the same AD DS branch).
On another change control, not related to this issue, the WAS servers had to be restarted. The problem stopped immediately. And now it is starting again.
Any pointer to investigate would be very helpful. Thanks in advance
Recommended answer
I'm not sure if this will help but it may get you started.
We saw this error on a DC that did not allow anonymous binding. We had to provide the admin username and password in order to bind to the LDAP server, then pass the credentials for the user to authenticate in the search request. We also found that you need to prepend the admin account with the domain short name, i.e. shortName\administrator.
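Added example, not part of the original question or answer: a small Python parser for the CWWIM4529E entries quoted in the question. It extracts the principal and the Active Directory sub-code from the `data` field (52e here) and counts failures per account, which helps show whether the intermittent failures are all 52e or a mix of causes. The sub-code table lists the commonly documented AD values; the second log entry and the `jdoe` principal are constructed.

```python
import re
from collections import Counter

# Commonly documented AD sub-codes carried in the "data" field of LDAP result 49.
AD_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}

PRINCIPAL_RE = re.compile(r"password verification for the '\s*([^']+?)\s*' principal name failed")
LDAP_RE = re.compile(r"LDAP: error code (\d+) - [0-9A-Fa-f]+: LdapErr: (DSID-[0-9A-Fa-f]+), "
                     r"comment: .+?, data ([0-9A-Fa-f]+),")

def parse_failures(log_text):
    """Return one dict per CWWIM4529E entry; entries may wrap across lines."""
    flat = " ".join(log_text.split())            # undo line wrapping in the log
    failures = []
    for chunk in flat.split("CWWIM4529E")[1:]:   # one chunk per failure entry
        principal = PRINCIPAL_RE.search(chunk)
        ldap = LDAP_RE.search(chunk)
        if not ldap:
            continue                             # no AD diagnostic string present
        sub = ldap.group(3).lower()
        failures.append({
            "principal": principal.group(1) if principal else None,
            "ldap_code": int(ldap.group(1)),
            "dsid": ldap.group(2),
            "subcode": sub,
            "meaning": AD_SUBCODES.get(sub, "unknown sub-code"),
        })
    return failures

def summarize(failures):
    """Count failures per (principal, sub-code) pair."""
    return Counter((f["principal"], f["subcode"]) for f in failures)

# First entry is the message from the question; the second entry is constructed.
SAMPLE = """\
SECJ0369E: Authentication failed when using LTPA. The exception is
CWWIM4529E The password verification for the ' principal_name ' principal name failed 'e60083'. root cause: 'javax.naming.AuthenticationException:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v1db1]; Resolved object: 'com.sun.jndi.ldap.LdapCtx@519d519d''
CWWIM4529E The password verification for the 'jdoe' principal name failed. root cause: 'javax.naming.AuthenticationException:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1]'
"""
```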