Error During User Replication - LDAP Error Code 49

User replication over an LDAP connection, or logging in to the YSoft SafeQ web interface, is not functioning.

Applies to YSoft SafeQ 5 and YSoft SafeQ 6.

The management-service.log (or cml.log / cmlweb.log in YSoft SafeQ 5) or replicator.log contains an error similar to the following:

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 701, v1db0]
 

The error indicates an authentication problem with the LDAP server. The code that matters is the value after "data" near the end of the error message; in the example above it is "701". Use the table in the Resolution section to interpret it.

Resolution:

The following error codes can appear in the error message. They are generated by the LDAP server and are only relayed to YSoft SafeQ.

Error code   Meaning
52e          Invalid credentials
525          User not found
530          Not permitted to logon at this time
531          Not permitted to logon at this workstation
532          Password expired
533          Account disabled
534          The user has not been granted the requested logon type at this machine
701          Account expired
773          User must reset password
775          User account locked

The resolution should be evident from the meaning of the error code. For example, for error 533 (Account disabled), you need to enable the account used for synchronization between YSoft SafeQ and the LDAP server.

See details on configuring the LDAP connector in the documentation article LDAP integration.