什么是子错误code 568的意思是LDAP错误49与Active Directory [英] What does sub error code 568 mean for Ldap Error 49 with Active Directory
问题描述
我写一些Java code进行身份验证使用SASL GSSAPI Active Directory中。多属此code为工作正常,但一个用户我得到了响应:
I am writing some Java code that authenticates to Active Directory using SASL GSSAPI. Mostly this code is working fine but for one user I am getting the response:
javax.naming.AuthenticationException: [LDAP: error code 49 - 8
0090304: LdapErr: DSID-0C0904D1, comment: AcceptSecurityContext error, data 568,
v1772 ]
我知道,49表示这是一个身份验证失败,并且相关的子code是568,但我只知道该数据的含义如下的:
I know that 49 means this is an authentication failure, and that the relevant sub code is 568, but I am only aware of the following meanings for that data:
- 在525 - 用户没有找到
- 在52E - 凭据无效
- 在530 - 不允许登录此时间
- 在532 - 密码过期
- 在533 - 帐户已停用
- 在701 - 帐户过期
- 在773 - 用户必须重新设置密码
到目前为止,我无法找到这些错误codeS从微软的权威性源(这个列表是从论坛帖子拼凑在一起),我找不到任何为568的错误。
So far I am unable to find an authorative source of these error codes from Microsoft (this list is pieced together from forum posts) and I can't find anything for that 568 error.
有谁知道这是什么意思?
Does anyone know what it means?
编辑:它看起来像这个名单的来源是从的从IBM 本文档
It looks like the source of this list comes from this documentation from IBM
推荐答案
This and this list contain error codes that seem to correspond to the above numbers, viz.
- ERROR_NO_SUCH_USER 1317(0x525)指定的帐户不存在。
- ERROR_LOGON_FAILURE 1326(0x52E)登录失败:未知的用户名或密码错误
- ERROR_INVALID_LOGON_HOURS 1328(0x530)登录失败:帐户登录时间限制违规
- ERROR_PASSWORD_EXPIRED 1330(0x532)登录失败:指定的帐户密码已过期
- ERROR_ACCOUNT_DISABLED 1331(0x533)登录失败:当前已禁用的帐户
- ERROR_ACCOUNT_EXPIRED 1793(0x701)用户的帐户已过期。
- ERROR_PASSWORD_MUST_CHANGE 1907年(0x773)用户的密码必须登录在第一时间之前可以更改。
从这个名单看来,这个错误code是指:
From this list it appears that this error code means:
ERROR_TOO_MANY_CONTEXT_IDS 1384(0x568)期间登录尝试,用户的安全上下文积累了过多的安全标识。
ERROR_TOO_MANY_CONTEXT_IDS 1384 (0x568) During a logon attempt, the user's security context accumulated too many security IDs.
事实证明,这个账户有2000组成员这是超越了内部Active Directory限制。您可能只有1015左右,组成员否则登录失败。
It turns out that this account has 2000 group memberships which are overrunning an internal Active Directory limit. You may only have 1015 or so group memberships otherwise login will fail.
的更多信息,请访问: http://go.microsoft.com/ fwlink /?LINKID = 146571 。
More information is available on this error at: http://go.microsoft.com/fwlink/?LinkId=146571.
这篇关于什么是子错误code 568的意思是LDAP错误49与Active Directory的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
