  • DefaultDirContextValidator validation failing

    Hi All,

    I know very little about ldap.

    I have the PoolingContextSource and DefaultDirContextValidator configured. Version 1.3. The validator is failing with the default settings. I've seen various jira issues, such as 121 and 167, but those don't seem to be the problem.

    The error I get is something like this:

    javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: NameErr: DSID-031001D1, problem 2006 (BAD_NAME), data 8349, best match of:
    'OU=ent,DC=ent,DC=blue,DC=banana,DC=qa/ou=CAS'
    ]; remaining name ''
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3009)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2823)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1832)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1755)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
    at org.springframework.ldap.pool.validation.DefaultDirContextValidator.validateDirContext(DefaultDirContextValidator.java:165)

    (I changed some of those values in the dn.)

    If I trap the thread in the debugger and change the base string to that exact best match, I get more or less the same thing. I tried a bunch of other search base options, like OU=CAS or the dn for my own user record, but get pretty much the same thing. I also tried other search scopes in SearchControls.

    I have an ldap browser and there is an ou called CAS at OU=ent,DC=ent,DC=blue,DC=banana,DC=qa.

    I know if I disable validation completely, I'll get connection reset errors after a while, so I don't want to do that.

    I've turned off the default sun ldap pooling.

    Anybody know what the magic incantation is to get this to work?

    thanks

  • #2
    Here's a little more info.

    I discovered that my url contained the OU=ent,DC=ent,DC=blue,DC=banana,DC=qa part on the end. I removed it and got a different error:

    javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-03100754, problem 5012 (DIR_ERROR), data 0
    ]; remaining name ''

    Now it's a DIR_ERROR and not a BAD_NAME error.

    I then put OU=ent,DC=ent,DC=blue,DC=banana,DC=qa as the search base and got this error:

    javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-03100754, problem 5012 (DIR_ERROR), data 0
    ]; remaining name 'OU=ent,DC=ent,DC=blue,DC=banana,DC=qa'

    Changing the search scope didn't help.

    thanks


    • #3
      I think the problem was a misconfiguration on my end. I had set the "base" property of the DirContextSource bean. I also explicitly set the "base" arg to the LdapTemplate.search method to the same value. Of course I then had a composite base that didn't exist, hence the error.

      I was not able to find a doc anywhere that detailed the various errors AD returns.

      thanks
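
The composite base described in post #3, worked through as an added example (not code from the thread or from Spring LDAP): it uses only the JDK's `javax.naming.ldap.LdapName` to show the DN the server ends up receiving when a search base is resolved relative to a context base, plus a guard that strips the context base when the search base already contains it. The class and method names are hypothetical; the DN is the altered one from the first post.

```java
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.ldap.LdapName;

// Hypothetical helper, JDK only: models how a relative search base is
// combined with the base configured on the context source.
public class EffectiveSearchBase {

    // DN sent to the server: searchBase is appended (leftmost) to contextBase.
    static LdapName effectiveDn(String contextBase, String searchBase)
            throws InvalidNameException {
        LdapName dn = new LdapName(contextBase);
        // LdapName indexes RDNs right to left, so addAll extends the left side.
        dn.addAll(new LdapName(searchBase).getRdns());
        return dn;
    }

    // Guard: if searchBase already includes contextBase, return only the
    // relative part so the base is not applied twice.
    static Name relativeTo(String contextBase, String searchBase)
            throws InvalidNameException {
        LdapName base = new LdapName(contextBase);
        LdapName search = new LdapName(searchBase);
        // In LdapName terms the base DN is the *prefix* (rightmost RDNs).
        if (base.size() > 0 && search.startsWith(base)) {
            return search.getSuffix(base.size());
        }
        return search;
    }

    public static void main(String[] args) throws InvalidNameException {
        // DN taken from the first post (values already altered by the poster).
        String contextBase = "OU=ent,DC=ent,DC=blue,DC=banana,DC=qa";

        // Same value in both places: the base appears twice in the result.
        System.out.println("duplicated: " + effectiveDn(contextBase, contextBase));

        // Relative search base: resolves to the CAS ou under the base.
        System.out.println("relative:   " + effectiveDn(contextBase, "OU=CAS"));

        // Guard applied to a full DN that was passed by mistake.
        Name fixed = relativeTo(contextBase, "ou=CAS," + contextBase);
        System.out.println("stripped:   " + fixed);
        System.out.println("effective:  " + effectiveDn(contextBase, fixed.toString()));
    }
}
```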
