active-directory ldap ldap-query

Error retrieving instanceType for base - LDAP Search


I am connecting to an AD server from my application using LDAP. I am successfully authenticated, but when I search for a user it throws an exception with LDAP error code 32 in acl_read: instanceType for base.

javax.naming.NameNotFoundException: [LDAP: error code 32 - acl_read: Error retrieving instanceType for base. at ../source4/dsdb/samdb/ldb_modules/acl_read.c:362]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Unknown Source)

I have verified the baseDN, domain name and port; they are correct and we are able to connect to it.

I got the query string from logs and I verified the same in custom search in AD Browser. It seems to be working fine and giving back the results.

Query from Logs: (&(objectClass=user)(objectCategory=person)(|(|(sAMAccountname=*MSUser1*)(givenName=*MSUser1*)(sn=*MSUser1*))))

Not sure what is going wrong here. Can someone help me identify and fix this issue?

Thanks


Solution

  • The issue is with the baseDN itself. We had configured LDAP correctly, but somewhere in the code there is a property file which was overwriting the baseDN we had in settings. It was really tough to identify because it is not documented anywhere and we had to decompile all class files to get to the details of that file.

    Along with that we modified our TOP_OU and USERS_OU and DN_PREFIX, then it started pulling all the users.

    TOP_LEVEL_OU_OR_GROUP_DN=DC=awssiladev,DC=mycomp,DC=com
    USER_OU_OR_GROUP_DN=CN=Users,DC=awssiladev,DC=mycomp,DC=com
    DN_PREFIX=CN=
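
An added example (not part of the original answer or the application's own code): a Java check that prints the DN settings the code will actually use once a layered properties file is applied, and flags any that fall outside the server's naming contexts, a common cause of LDAP error 32 (noSuchObject). The `bundled` override file, its stale value and the naming-context list are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class BaseDnCheck {
    // True when dn equals or sits below one of the server's naming contexts.
    static boolean underNamingContext(String dn, List<String> namingContexts) {
        try {
            LdapName name = new LdapName(dn);
            for (String ctx : namingContexts) {
                // LdapName indexes RDNs right to left, so startsWith() compares the DC=... suffix.
                if (name.startsWith(new LdapName(ctx))) return true;
            }
            return false;
        } catch (InvalidNameException e) {
            return false; // a malformed DN can never be a valid search base
        }
    }

    // Returns a verdict per DN-valued setting, using the values the code will really use.
    static Map<String, Boolean> audit(Properties effective, List<String> namingContexts) {
        Map<String, Boolean> result = new LinkedHashMap<>();
        for (String key : List.of("TOP_LEVEL_OU_OR_GROUP_DN", "USER_OU_OR_GROUP_DN")) {
            result.put(key, underNamingContext(effective.getProperty(key, ""), namingContexts));
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed input: on a live server, read namingContexts from the rootDSE instead.
        List<String> namingContexts = List.of("DC=awssiladev,DC=mycomp,DC=com");

        Properties settings = new Properties();        // what the administrator configured
        settings.setProperty("TOP_LEVEL_OU_OR_GROUP_DN", "DC=awssiladev,DC=mycomp,DC=com");
        settings.setProperty("USER_OU_OR_GROUP_DN", "CN=Users,DC=awssiladev,DC=mycomp,DC=com");

        Properties bundled = new Properties(settings); // hypothetical hidden file layered on top
        bundled.setProperty("USER_OU_OR_GROUP_DN", "OU=People,DC=example,DC=com"); // constructed stale value

        audit(bundled, namingContexts).forEach((k, ok) -> System.out.println(
            k + " = " + bundled.getProperty(k) + (ok ? "  OK" : "  NOT under any naming context (expect error 32)")));
    }
}
```

A DN that passes this check can still be missing from the directory; a base-scope search on the effective DN confirms that the entry exists.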