子错误代码 568 对于 Active Directory 的 Ldap 错误 49 意味着什么
我正在编写一些使用 SASL GSSAPI 对 Active Directory 进行身份验证的 Java 代码。大多数情况下,这段代码工作正常,但对于一个用户,我得到的响应是:
javax.naming.AuthenticationException: [LDAP: error code 49 - 8
0090304: LdapErr: DSID-0C0904D1, comment: AcceptSecurityContext error, data 568,
v1772 ]
我知道 49 意味着这是一次身份验证失败,相关的子代码是 568,但我只知道该数据的以下含义:
- 525 - 未找到用户
- 52e - 无效凭据
- 530 - 目前不允许登录
- 532 - 密码已过期
- 533 - 帐户已禁用
- 701 - 帐户已过期
- 773 - 用户必须重置密码
到目前为止,我无法找到这些错误代码的权威来源Microsoft(此列表是根据论坛帖子拼凑而成),我找不到该 568 错误的任何内容。
有谁知道这意味着什么?
编辑:看起来这个列表的来源来自来自 IBM 的此文档
I am writing some Java code that authenticates to Active Directory using SASL GSSAPI. Mostly this code is working fine but for one user I am getting the response:
javax.naming.AuthenticationException: [LDAP: error code 49 - 8
0090304: LdapErr: DSID-0C0904D1, comment: AcceptSecurityContext error, data 568,
v1772 ]
I know that 49 means this is an authentication failure, and that the relevant sub code is 568, but I am only aware of the following meanings for that data:
- 525 - user not found
- 52e - invalid credentials
- 530 - not permitted to logon at this time
- 532 - password expired
- 533 - account disabled
- 701 - account expired
- 773 - user must reset password
So far I am unable to find an authorative source of these error codes from Microsoft (this list is pieced together from forum posts) and I can't find anything for that 568 error.
Does anyone know what it means?
EDIT: It looks like the source of this list comes from this documentation from IBM
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
此 和 此列表包含似乎与上述数字相对应的错误代码,即。
从该列表中可以看出,此错误代码的含义是:
ERROR_TOO_MANY_CONTEXT_IDS 1384 (0x568) 在尝试登录期间,用户的安全上下文累积了太多安全 ID。
事实证明,该帐户有 2000 个组成员身份,超出了内部 Active Directory 限制。您只能拥有 1015 个左右的组成员身份否则登录将失败。
有关此错误的详细信息,请访问:http://go.microsoft.com/fwlink/?LinkId=146571" rel="noreferrer">http://go.microsoft.com/fwlink/? LinkId=146571。
This and this list contain error codes that seem to correspond to the above numbers, viz.
From this list it appears that this error code means:
ERROR_TOO_MANY_CONTEXT_IDS 1384 (0x568) During a logon attempt, the user's security context accumulated too many security IDs.
It turns out that this account has 2000 group memberships which are overrunning an internal Active Directory limit. You may only have 1015 or so group memberships otherwise login will fail.
More information is available on this error at: http://go.microsoft.com/fwlink/?LinkId=146571.