1
votes

I am trying to bind an LDAP client to a Windows AD LDAP server and I see this error in the packet capture:

resultCode: invalidCredentials (49) 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 51f, v1772

I understand this is an authentication error, but I wish to know what "data 51f" stands for. Any help would be appreciated.

2 Answers

2
votes

From my last experience, we've noticed that when the bind request was returning the famous "undocumented" data 51f, the LDAP connector/server was in an overloaded state (CPU hitting 100%). Increasing the hardware resources resolved our problem.

Hope that helps.

1
votes

You are looking at the wrong data. The actual error you have is this: 80090308

//
// MessageId: SEC_E_INVALID_TOKEN
//
// MessageText:
//
// The token supplied to the function is invalid
//
#define SEC_E_INVALID_TOKEN              _HRESULT_TYPEDEF_(0x80090308L)

Here is the source for it: winerror.h.

This leads me to think that you haven't passed your password correctly. To successfully authenticate to AD via LDAP you need to send the quoted password string encoded in UTF-16LE. So, for example, if your password is password, you need to encode "password" in UTF-16LE and send the result to the AD.
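
Added example, not part of either answer and not Microsoft's code: a Python parser for the diagnostic message quoted in the question, useful when triaging failed binds in captures or logs. It reads the "data" field as a hexadecimal Win32 error code from winerror.h (0x51f = 1311, ERROR_NO_LOGON_SERVERS); the function names, the SERVER_SIDE triage set and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Diagnostic message layout as it appears in the question's packet capture.
DIAG_RE = re.compile(
    r"(?P<sspi>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),\s*"
    r"comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+),\s*v(?P<build>[0-9A-Fa-f]+)")

SSPI_STATUS = {0x80090308: "SEC_E_INVALID_TOKEN"}  # from the winerror.h excerpt above

# Win32 error codes from winerror.h that show up in the hex "data" field.
WIN32_ERRORS = {
    0x51F: "ERROR_NO_LOGON_SERVERS", 0x525: "ERROR_NO_SUCH_USER",
    0x52E: "ERROR_LOGON_FAILURE", 0x530: "ERROR_INVALID_LOGON_HOURS",
    0x531: "ERROR_INVALID_WORKSTATION", 0x532: "ERROR_PASSWORD_EXPIRED",
    0x533: "ERROR_ACCOUNT_DISABLED", 0x701: "ERROR_ACCOUNT_EXPIRED",
    0x773: "ERROR_PASSWORD_MUST_CHANGE", 0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}
# Assumption for triage: these sub-codes describe the server side, not the account.
SERVER_SIDE = {0x51F}

def decode_ad_bind_error(message):
    """Return the decoded fields of an AD bind diagnostic message, or None."""
    m = DIAG_RE.search(message)
    if m is None:
        return None
    sspi, data = int(m["sspi"], 16), int(m["data"], 16)
    return {
        "sspi": SSPI_STATUS.get(sspi, f"0x{sspi:08X}"),
        "dsid": m["dsid"],
        "comment": m["comment"],
        "data": data,
        "win32": WIN32_ERRORS.get(data, "unknown"),
        "server_side": data in SERVER_SIDE,
    }

def summarize(lines):
    """Count bind failures by Win32 sub-code name, skipping unparseable lines."""
    return Counter(d["win32"] for d in map(decode_ad_bind_error, lines) if d)

# The first line is the message from the question; the others are constructed samples.
SAMPLES = [
    "80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 51f, v1772",
    "80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772",
    "80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 775, v1772",
    "bind succeeded",
]
if __name__ == "__main__":
    print(summarize(SAMPLES))
```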