Re: Active Directory: ldap_simple_bind_s error codes

---

• From: bekz <becks007@xxxxxxxxx>
• Date: Wed, 11 Jul 2007 16:14:57 -0000

---

Thanks a lot Joe!

On Jul 11, 8:29 pm, "Joe Kaplan"
<joseph.e.kap...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:

The extended server error codes are pretty helpful, as they tell you the
exact reason the bind failed. This only works for simple bind (not for
secure for whatever reason), but it is very useful. It is probably easier
than trying to determine if the user is locked, account expired, account
disabled, password expired or password set to change at next logon.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"http://www.directoryprogramming.net
--"bekz" <becks...@xxxxxxxxx> wrote in message

news:1184164078.102117.6410@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jul 11, 5:26 pm, Michael Ströder <mich...@xxxxxxxxxxxx> wrote:

bekz wrote:

1.http://forum.java.sun.com/thread.jspa?messageID=4227692==> says to
use ldap_get_option() to get the error string and then parse and
extract the error codes. To my understanding this is an extended error
message

You should do this in any case.

2.http://blogs.msdn.com/jpelak/archive/2006/01/08/510563.aspx==>
says to analyze few attributes like accountExpires/userAccountControl

This could be an additional source for information what went wrong. But
these are proprietary attributes in AD. You may also not have the right
to read the user entry before binding.

Ciao, Michael.

Hi Ciao,
Thanks for the reply

I will be having the access to do the search which is achieved using
another user credentials.

Thanks
becks

.

---

• References:
  • Active Directory: ldap_simple_bind_s error codes
    • From: bekz
  • Re: Active Directory: ldap_simple_bind_s error codes
    • From: Michael Ströder
  • Re: Active Directory: ldap_simple_bind_s error codes
    • From: bekz
  • Re: Active Directory: ldap_simple_bind_s error codes
    • From: Joe Kaplan

• Prev by Date: Re: adprep failure, adding 2003 R2 x64 server to 2000 domain Optio
• Next by Date: Global Catalog Server Configuration
• Previous by thread: Re: Active Directory: ldap_simple_bind_s error codes
• Next by thread: RE: event id 1411
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Integrated Windows Authentication Timeout? ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... long as they are all on the same account. ... SPN exists on the account that is running the service. ... (microsoft.public.dotnet.framework.aspnet.security) Re: accessing emails using owa ... traceable? ... "Joe Kaplan" wrote: ... When the user is behind a firewall router, ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... account. ... (microsoft.public.dotnet.security) Re: Problem establishing SSL connection in code-behind ... On Jan 5, 11:24 pm, "Joe Kaplan" ... service account only needs read access to AD. ... Co-author of "The .NET Developer's Guide to Directory Services Programming"http://www.directoryprogramming.net ... The Win32 LogonUser API is completely new to me. ... (microsoft.public.dotnet.framework.aspnet.security) error from federation server proxy ... the application is not opening and going to federation server ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... (microsoft.public.windows.server.active_directory) Re: LDIFDE Error when trying to change passwords. ... "Joe Kaplan" wrote: ... The -h adds the encryption. ... Co-author of "The .NET Developer's Guide to Directory Services ... command or the bind command as I am not sure how to use them. ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2007-07