LDAP Authentication

I'm trying to authenticate in a domain using Java and LDAP.

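  import java.util.Hashtable;
  import javax.naming.Context;
  import javax.naming.NamingException;

  public boolean connect( String username, String password )
    throws Exception {
    // A bind with an empty password can be accepted by the server as an unauthenticated bind
    if ( password == null || password.isEmpty() )  {
        return false;
    }
    try  {
        Hashtable<String, String> env = new Hashtable<>();
        // Set the LDAP provider explicitly rather than relying on jndi.properties
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.SECURITY_PRINCIPAL, username + "@" + domain);
        // The bind happens here; a rejected bind surfaces as a NamingException
        dirContext = new javax.naming.directory.InitialDirContext(env);
        return true;
    } catch ( NamingException e )  {
        System.out.println("error: " + e.getMessage());
        return false;
    } catch ( Exception e )  {
        // Do not put the password in the exception text: it ends up in logs
        throw new Exception ("ERROR-LDAP: Error autenticando " + username
        + " " + e.getMessage(), e);
    }
  }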

where url:
url = "ldap://" + host + ":" + port + "/";

When I execute the code I get this error:

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893 ]

I know that this error is because the user can't log on to all domain computers.
I can't change this property, and I want to know if there is a solution for this problem and how I can fix it.
Best I can do is give you some details on your error:

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893
HEX: 0x531 - not permitted to logon from this workstation
DEC: 1329 - ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.)
LDAP[userWorkstations: <multivalued list of workstation names>]
NOTE: Returns only when presented with valid username and password/credential.

Basically what this says to me is that the user is not allowed to log on from that particular workstation. Is the user able to log on interactively?
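The decoding in the answer above, as an added example that is not part of the original thread: it pulls the `data` sub-code out of an Active Directory bind failure (LDAP error code 49) and maps it to the Win32 error it encodes. The class and method names are hypothetical, and every sub-code other than 531 is a well-known Active Directory value that does not appear on this page.

```java
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: hypothetical helper, not code from the thread.
public class AdBindError {
    // In an AD "error code 49" message, "data <hex>" is the Win32 logon error.
    private static final Pattern DATA =
        Pattern.compile("error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]+)\\b");

    // 0x531 is the code from this page; the rest are standard Win32 codes.
    private static final Map<Integer, String> WIN32 = Map.of(
        0x525, "ERROR_NO_SUCH_USER",
        0x52e, "ERROR_LOGON_FAILURE",
        0x530, "ERROR_INVALID_LOGON_HOURS",
        0x531, "ERROR_INVALID_WORKSTATION",
        0x532, "ERROR_PASSWORD_EXPIRED",
        0x533, "ERROR_ACCOUNT_DISABLED",
        0x701, "ERROR_ACCOUNT_EXPIRED",
        0x773, "ERROR_PASSWORD_MUST_CHANGE",
        0x775, "ERROR_ACCOUNT_LOCKED_OUT");

    // Returns the sub-code as an int, or empty if this is not an AD bind failure.
    static Optional<Integer> subCode(String message) {
        if (message == null) {
            return Optional.empty();
        }
        Matcher m = DATA.matcher(message);
        return m.find() ? Optional.of(Integer.parseInt(m.group(1), 16))
                        : Optional.empty();
    }

    // Text for server-side logs only; callers should show users a generic failure.
    static String describe(String message) {
        return subCode(message)
            .map(c -> String.format("0x%x (%d) %s", c, c,
                                    WIN32.getOrDefault(c, "unmapped sub-code")))
            .orElse("no AD sub-code in message");
    }

    public static void main(String[] args) {
        // The message quoted in the question.
        System.out.println(describe("[LDAP: error code 49 - 80090308: LdapErr: "
            + "DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893 ]"));
        // Constructed sample: a non-bind error carries no sub-code.
        System.out.println(describe("[LDAP: error code 32 - No Such Object]"));
    }
}
```

Pass `e.getMessage()` from the `NamingException` caught in `connect` to `describe` to log why a bind was rejected.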
olgavillamizar (Author) commented:
Hi Krule!
No, the user is able to log on to a few workstations or to one workstation only.
When the user has the property to log on to all computers, the error doesn't appear, but how can I solve this without giving the user this property (all computers)?
This is more of an LDAP question than it is JSP related, and as I am not an LDAP master, I cannot answer (sorry).

I can tell you with my limited LDAP knowledge that the principle is that a user cannot access a machine that he cannot access (seems fairly obvious :p). So, either you give him access (limited) to do a programmatic logon on that machine, or you don't, and it doesn't work.

That being said, there may be a way to get around this; you would have to ask in the LDAP forum, however.