Ranger user sync error: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903CF

Rising Star
07 Dec 2015 11:33:12  INFO UserGroupSync [UnixUserSyncThread] - initializing sink: org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder
07 Dec 2015 11:33:13  INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder created
07 Dec 2015 11:33:13  INFO UserGroupSync [UnixUserSyncThread] - initializing source: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder
07 Dec 2015 11:33:13  INFO UserGroupSync [UnixUserSyncThread] - Begin: initial load of user/group from source==>sink
07 Dec 2015 11:33:13  INFO LdapUserGroupBuilder [UnixUserSyncThread] - LDAPUserGroupBuilder updateSink started
07 Dec 2015 11:33:13  INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization started
07 Dec 2015 11:33:13 ERROR UserGroupSync [UnixUserSyncThread] - Failed to initialize UserGroup source/sink. Will retry after 30000 milliseconds. Error details:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903CF, comment: AcceptSecurityContext error, data 52e, v2580^@]
  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
  at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
  at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
  at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
  at javax.naming.InitialContext.init(InitialContext.java:244)
  at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
  at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.createLdapContext(LdapUserGroupBuilder.java:149)
  at org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder.updateSink(LdapUserGroupBuilder.java:262)
  at org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:58)
  at java.lang.Thread.run(Thread.java:745)
1 ACCEPTED SOLUTION

Expert Contributor

Mike,

This error usually occurs if the bind credentials (bind dn and/or bind password) are incorrect. Can you please verify those?

Master Mentor

@Mike Li please check the credentials and LDAP configs

http://www-01.ibm.com/support/docview.wss?uid=swg21290631

Master Mentor

@Mike Li

https://confluence.atlassian.com/display/CONFKB/User+directory+sync+fails+with+LDAP+Error+Code+49

52e = invalid credentials

LDAP: error code 49-80090308:LdapErr: DSID-0C0903CF, comment:AcceptSecurityContext error, data 52e,
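
The sub-code decoding mentioned above, as an added example that is not part of the original thread: a small triage script that pulls the `data` value out of Active Directory bind failures in a usersync log and names the likely cause. It goes beyond the one code discussed here (52e) by including the other commonly documented AD sub-codes; the function name `triage` and the sample log are constructed for illustration.

```python
import re

# Sub-codes Active Directory puts in the "data" field of an LDAP result 49
# response; the hex values are Windows error codes (0x52e = 1326, etc.).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_ERROR = re.compile(
    r"LDAP: error code (?P<code>\d+)\s*-\s*(?P<hresult>[0-9A-Fa-f]{8}):\s*"
    r"LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),\s*comment:\s*(?P<comment>[^,]+),"
    r"\s*data (?P<data>[0-9A-Fa-f]+)"
)

def triage(log_text):
    """Return one finding per AD bind failure (result 49) in the log text."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = BIND_ERROR.search(line)
        if not m or m.group("code") != "49":
            continue
        data = m.group("data").lower()
        findings.append({
            "line": lineno,
            "dsid": m.group("dsid"),
            "data": data,
            "cause": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
        })
    return findings

# Constructed sample: the exception line from this thread, a made-up
# locked-account variant of it, and an unrelated INFO line.
SAMPLE = """\
07 Dec 2015 11:33:13  INFO LdapUserGroupBuilder [UnixUserSyncThread] - LdapUserGroupBuilder initialization started
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903CF, comment: AcceptSecurityContext error, data 52e, v2580]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903CF, comment: AcceptSecurityContext error, data 775, v2580]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"line {f['line']}: data {f['data']} -> {f['cause']}")
```

Because usersync retries every 30 seconds on failure, a wrong bind password can itself turn a 52e into a 775 if the domain has a lockout policy, so checking the sub-code before restarting the service is worthwhile.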

Rising Star

Thanks all for providing possible reasons and solutions. I verified the user and password; they are correct. The only thing I can think of now is whether, from the SysAdmin/Unix side, they need to do something, like granting these users/groups access to the boxes?

Master Mentor

@Mike Li

Yes, that's true. Look into sssd or nslcd.

Are you able to access the LDAP browser using the LDAP credentials?

Rising Star

Yes. I can use LDAP browser\Editor using the same credential.

Rising Star

Neeraj,

You are right, the password got messed up. After correcting it, it started to sync users/groups with AD.

Mike

Master Mentor

@Mike Li Did it help to resolve the issue? Thanks for confirming and updating the thread.

Expert Contributor

Mike,

This error usually occurs if the bind credentials (bind dn and/or bind password) are incorrect. Can you please verify those?

Rising Star

But I am sure my user and credentials are right, since I can use the credential in LDAP browser.