0 votes

I am connecting to an AD server from my application using LDAP. I get authenticated successfully, but when I search for a user it throws an exception with LDAP error code 32 in acl_read: instanceType for base.

javax.naming.NameNotFoundException: [LDAP: error code 32 - acl_read: Error retrieving instanceType for base. at ../source4/dsdb/samdb/ldb_modules/acl_read.c:362]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Unknown Source)

I have verified the baseDN, domain name and port; they are correct, and we are able to connect to it.

I got the query string from the logs and verified the same query using the custom search in AD Browser. It seems to work fine and returns results.

Query from Logs: (&(objectClass=user)(objectCategory=person)(|(|(sAMAccountname=*MSUser1*)(givenName=*MSUser1*)(sn=*MSUser1*))))

Not sure what is going wrong here. Can someone help me identify and fix this issue?

Thanks

1
There is something not right about your baseDN. Suggest you try using a KNOWN good LDAP browser or ldapsearch utility. (I like directory.apache.org/studio ) – jwilleke
Thanks, I have used AD Browser with the same baseDN and it worked. However, I am going to try with the one from Apache. – samuelebe
I tried with the Apache browser and it worked with the same baseDN. Custom search gave me back results as well. Any other thoughts please? – samuelebe
What would the exact query look like using the ldapsearch command? – EricLavault
DN_PREFIX seems weird, I would try DN_PREFIX=CN= (or DN_PREFIX=CN) – EricLavault

1 Answer

0 votes

The issue is with the baseDN itself. We had configured LDAP correctly, but somewhere in the code there is a property file which overwrites the baseDN we had in the settings. It was really tough to identify because it is not documented anywhere, and we had to decompile all the class files to get to the details of that file.

Along with that, we modified our TOP_OU, USERS_OU and DN_PREFIX, and then it started pulling all the users.

TOP_LEVEL_OU_OR_GROUP_DN=DC=awssiladev,DC=mycomp,DC=com
USER_OU_OR_GROUP_DN=CN=Users,DC=awssiladev,DC=mycomp,DC=com
DN_PREFIX=CN=
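The two root causes in this thread, a property file silently overriding the configured baseDN and a DN_PREFIX given as `CN` versus `CN=`, are both things a configuration check can catch before the application ever issues a search. The script below is an added example, not the poster's code or any library's API: it merges settings layers in precedence order and reports which layer won each key, parses the DNs, verifies that the user base actually sits under the top-level base (a search rooted at a base the server cannot find is what LDAP error 32, noSuchObject, reports), and normalizes DN_PREFIX so a user DN can be built. The setting names are the ones from the answer; the "hidden property file" values and the user name are constructed samples, and nothing here contacts a directory.

```python
"""Added example: validate layered LDAP search-base settings offline."""
from __future__ import annotations

import re

# Setting names come from the answer above; the override layer is constructed.
SETTINGS_UI = {                      # what the administrator believes is configured
    "TOP_LEVEL_OU_OR_GROUP_DN": "DC=awssiladev,DC=mycomp,DC=com",
    "USER_OU_OR_GROUP_DN": "CN=Users,DC=awssiladev,DC=mycomp,DC=com",
    "DN_PREFIX": "CN=",
}
HIDDEN_PROPERTY_FILE = {             # constructed: a stale file that overrides the UI
    "USER_OU_OR_GROUP_DN": "OU=Staff,DC=oldlab,DC=mycomp,DC=com",
    "DN_PREFIX": "CN",
}

_RDN_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.+?)\s*$")
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, honouring backslash-escaped commas."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        m = _RDN_RE.match(part)
        if not m:
            raise ValueError(f"malformed RDN {part!r} in DN {dn!r}")
        rdns.append((m.group(1).upper(), m.group(2)))
    return rdns


def is_under(child: str, parent: str) -> bool:
    """True when child is parent itself or lies beneath it (case-insensitive values)."""
    c = [(a, v.lower()) for a, v in parse_dn(child)]
    p = [(a, v.lower()) for a, v in parse_dn(parent)]
    return len(c) >= len(p) and c[len(c) - len(p):] == p


def normalize_prefix(prefix: str) -> str:
    """Accept 'CN' or 'CN=' (both forms appear in the thread) and return 'CN='."""
    attr = prefix.strip().rstrip("=").strip()
    if not _ATTR_RE.fullmatch(attr):
        raise ValueError(f"DN_PREFIX {prefix!r} is not an attribute type")
    return attr.upper() + "="


def build_user_dn(prefix: str, username: str, user_base: str) -> str:
    """Compose the DN the application would look up for one account."""
    return f"{normalize_prefix(prefix)}{username},{user_base}"


def effective_settings(*layers: dict) -> tuple[dict, list[tuple[str, int, int]]]:
    """Merge layers lowest-precedence first; report (key, losing layer, winning layer)."""
    merged, origin, overrides = {}, {}, []
    for idx, layer in enumerate(layers):
        for key, value in layer.items():
            if key in merged and merged[key] != value:
                overrides.append((key, origin[key], idx))
            merged[key], origin[key] = value, idx
    return merged, overrides


def check_settings(settings: dict) -> list[str]:
    """Return findings; an empty list means the bases and prefix are consistent."""
    findings = []
    top = settings["TOP_LEVEL_OU_OR_GROUP_DN"]
    users = settings["USER_OU_OR_GROUP_DN"]
    try:
        if not is_under(users, top):
            findings.append(f"user base {users!r} is not under top base {top!r}; "
                            "a search rooted there fails with LDAP error 32 (noSuchObject)")
    except ValueError as exc:
        findings.append(str(exc))
    try:
        normalize_prefix(settings["DN_PREFIX"])
    except ValueError as exc:
        findings.append(str(exc))
    return findings


if __name__ == "__main__":
    merged, overrides = effective_settings(SETTINGS_UI, HIDDEN_PROPERTY_FILE)
    for key, lost, won in overrides:
        print(f"{key}: layer {won} overrides layer {lost}")
    for finding in check_settings(merged):
        print("FINDING:", finding)
    print(build_user_dn(merged["DN_PREFIX"], "MSUser1", SETTINGS_UI["USER_OU_OR_GROUP_DN"]))
```

Run on the constructed layers, the script reports that both USER_OU_OR_GROUP_DN and DN_PREFIX were overridden by the second layer and flags the user base as lying outside the configured top-level base; the same check on the UI settings alone returns no findings. Listing every settings source the application reads, in precedence order, is the step that would have made the hidden property file visible without decompiling anything.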