We have configured LDAP settings in Tomcat. It has been working fine all these days, but suddenly we are getting the LDAP error log shown below. What is the meaning of the error log, and how can I fix it?
This is the LDAP configuration set in a Tomcat config file:
<!-- Note: debug, curUserPattern and resourceName are not JNDIRealm properties;
     Tomcat logs a "did not find a matching property" warning for each and ignores them. -->
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldaps://xxx.rp.local:636"
       alternateURL="ldaps://xxx.rp.local:636"
       curUserPattern="%s@rp"
       connectionName="CN=Cengage Content Management Systems LDAP,OU=Service Accounts,OU=FAR,DC=rp,DC=local"
       connectionPassword="xxxxxxxx"
       referrals="follow"
       userBase="DC=rp,DC=local"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="DC=rp,DC=local"
       roleName="name"
       roleSubtree="true"
       roleSearch="(member={0})"
       resourceName="web_realm"
/>
Error Log:
Jul 19, 2016 11:14:04 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Context/Realm} Setting property 'debug' to '99' did not find a matching property.
Jul 19, 2016 11:14:04 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Context/Realm} Setting property 'curUserPattern' to '%s@corp' did not find a matching property.
Jul 19, 2016 11:14:04 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Context/Realm} Setting property 'resourceName' to 'add_web_realm' did not find a matching property.
Jul 19, 2016 11:14:05 AM org.apache.catalina.core.ContainerBase addChildInternal
SEVERE: ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/add-web]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
Caused by: org.apache.catalina.LifecycleException: Failed to start component [Realm[JNDIRealm]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5350)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 10 more
Caused by: org.apache.catalina.LifecycleException: Exception opening directory server connection
at org.apache.catalina.realm.JNDIRealm.startInternal(JNDIRealm.java:2191)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 12 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1^@]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)
The answer to your issue lies in the LDAP error code:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1^@]
The "data 775" is the important part. That hex code translates to a decimal system error code of 1909, which is a Windows system error code. That is documented here:
ERROR_ACCOUNT_LOCKED_OUT
1909 (0x775)
The referenced account is currently locked out and may not be logged on to.
So it would appear that an account you're trying to use is locked.
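The decoding step the answer describes, as an added example that is not part of the original question or answer: a small parser that pulls the "data NNN" sub-code out of an Active Directory "error code 49" message, converts the hex value to the decimal Windows error number and names it. The page itself only shows 775 (1909, ERROR_ACCOUNT_LOCKED_OUT); the other sub-codes in the table (525, 52e, 530, 531, 532, 533, 701, 773) are the usual AcceptSecurityContext values taken from the published Windows error-code list and are an assumption of this example, not something the page states. The sample log lines are constructed here (the first is the message from the page). One reading of the trace worth keeping in mind when you act on the result: the failure is raised from JNDIRealm.startInternal while it is opening the directory connection, i.e. during the bind as connectionName, so the locked account is the service account, not an end user.

```python
import re

# AD "data" sub-codes returned with LDAP result 49 (invalidCredentials).
# Each value is a Windows system error code expressed in hex (winerror.h).
# Assumed mapping for this example; the page itself only documents 0x775.
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "user not found"),
    0x52E: ("ERROR_LOGON_FAILURE", "invalid credentials (bad password)"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "not permitted to log on at this time"),
    0x531: ("ERROR_INVALID_WORKSTATION", "not permitted to log on from this host"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "user must reset password"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account locked out"),
}

# Matches the diagnostic text AD puts in the bind response, as surfaced by
# javax.naming.AuthenticationException in the Tomcat log.
LDAP_ERR_RE = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<hresult>[0-9A-Fa-f]{8}):"
    r".*?comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+)"
)


def parse_ldap_error(line):
    """Decode one AD bind-failure line; return None if the line is not one."""
    m = LDAP_ERR_RE.search(line)
    if not m:
        return None
    data = int(m.group("data"), 16)          # "775" is hex, not decimal
    name, meaning = AD_BIND_SUBCODES.get(data, ("UNKNOWN", "unrecognised sub-code"))
    return {
        "result_code": int(m.group("code")),  # 49 = invalidCredentials
        "hresult": m.group("hresult"),
        "comment": m.group("comment"),
        "data_hex": m.group("data").lower(),
        "data_dec": data,                     # the Windows system error number
        "name": name,
        "meaning": meaning,
    }


def explain_log(lines):
    """Return a human-readable verdict for every decodable line in a log."""
    verdicts = []
    for line in lines:
        info = parse_ldap_error(line)
        if info is None:
            continue
        verdicts.append(
            "data %s = %d (%s): %s"
            % (info["data_hex"], info["data_dec"], info["name"], info["meaning"])
        )
    return verdicts


# Constructed sample log: line 1 is the message from the page; the others are
# made up here to show that the same parser distinguishes other causes.
SAMPLE_LOG = [
    "Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - "
    "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, "
    "data 775, v1db1\x00]",
    "Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - "
    "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, "
    "data 52e, v1db1\x00]",
    "WARNING: [SetPropertiesRule]{Context/Realm} Setting property 'debug' "
    "to '99' did not find a matching property.",
]

if __name__ == "__main__":
    for verdict in explain_log(SAMPLE_LOG):
        print(verdict)
```

If the decoded sub-code is 775, the next check is on the directory side: look at the service account named in connectionName (lockoutTime in AD, or "Unlock account" in the account's properties) and find out what is generating the bad-password attempts before unlocking it, otherwise it will lock again.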