Online demo
Download
Contact

Because information matters

  • LDAP AD Error-Need help

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
It is currently Fri Apr 17, 2026 4:34 am

LDAP AD Error-Need help

OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 Reply

LDAP AD Error-Need help

 #13403  by raths
 
Hello all

I'm trying to connect Open KM to my Active Directory . But i'm getting the following error
Code: Select all
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
	at javax.naming.InitialContext.init(InitialContext.java:223)
	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
	at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:544)
	at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:342)
	at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:232)
	at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
	at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
	at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
	at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
	at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
	at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:662)
But my AD username and Password is CORRECT . I dunno where i'm going wrong . It would be great if any one help me on this

My login config.xml file is
Code: Select all
 <application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
      <module-option name="java.naming.provider.url">ldap://10.0.2.237:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="baseCtxDN">DC=gavsin,DC=com</module-option>
	  <module-option name="bindDN">cn=MY AD USERID,DC=gavsin,DC=com</module-option>
	  <module-option name="bindCredential">MY AD PASSOWRD</module-option>
      <module-option name="baseFilter">(cn={0})</module-option>
      <module-option name="rolesCtxDN">DC=gavsin,DC=com</module-option>
      <module-option name="roleFilter">(uniqueMember={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleRecursion">2</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      <module-option name="allowEmptyPasswords">False</module-option>
      <module-option name="defaultRole">UserRole</module-option>
    </login-module>
My config.cfg file is
Code: Select all
principal.ldap.server=ldap://10.0.2.237:389
principal.ldap.security.principal=DC=gavsin,DC=com
principal.ldap.user.search.base=DC=gavsin,DC=com
principal.ldap.user.search.filter=(&(accountstatus=active))
principal.ldap.user.attribute=uid=sAMAccountName
principal.ldap.role.search.base=DC=gavsin,DC=com
principal.ldap.role.search.filter=(&(objectclass=posixGroup)(!(description=Dynamic*)))
principal.ldap.role.attribute=cn
principal.ldap.users.by.role.search.base=DC=gavsin,DC=com
principal.ldap.users.by.role.search.filter=(&(objectclass=posixGroup)(!(description=Dynamic*))(cn=*{0}*))
principal.ldap.users.by.role.attribute=memberUid
principal.ldap.roles.by.user.search.base=CN=Domain-DNS,CN=Schema,CN=Configuration,DC=gavsin,DC=com
principal.ldap.roles.by.user.search.filter=(&(objectclass=posixGroup)(!(description=Dynamic*))(memberUid=*{0}*))
principal.ldap.roles.by.user.attribute=cn
Regards
Rathnavel
 Reply
 Return to “Configuration”

Favorites

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.

Powered By phpBB -
 ©OpenKM 2021
 - All times are UTC -