Choose your language

Choose your login

Contact us

Common LDAP Errors

THE PAGE APPLIES TO:

LDAP can be used by PaperCut NG/MF for user authentication and for retrieving user and group lists as part of our synchronisation process. It’s the most common alternative to Microsoft’s Active Directory.

This article describes common LDAP errors and provides suggested solutions if you encounter them. This will be when running the PaperCut NG/MF User/Group synchronisation either as a live synchronisation or as a test synchronisation. When the synchronisation runs it should output the error in a newly created synchronisation window or alternatively you can view the same error in a more verbose log output within the server.log file located in [app-path]\server\logs at the same time and date it was run.

Error code 49 - Invalid Credentials

This error indicates that the admin DN authentication details entered in PaperCut LDAP settings are not valid.

Possible causes for this error are:

  • The admin password had been entered incorrectly.
  • The admin password had been entered incorrectly on the PaperCut Service Accounts when using a Multi-Domain configuration with PaperCut NG/MF.
  • The admin password has expired.
  • The admin DN is not a valid user.

Additionally when viewing this error either in the Synchronisation log output or viewing the error in the server.log file, with this particular error it may list a data value, for example:

javax.naming.`AuthenticationException`: [LDAP: error code 49 - 80090308: `LdapErr`: DSID-0C09042F, comment: `AcceptSecurityContext` error, **data 52e**, v2580]

In this example, you can see in the below table that the 52e value means Invalid Credentials. Below you can refer to other common data values and their meanings:

525User not found.
52eInvalid credentials.
530Not permitted to logon at this time.
531Not permitted to logon at this workstation.
532Password expired.
533Account disabled.
701Account expired.
773User must reset password.
775User account locked.

Error code 50 - Insufficient Access Rights

This error indicates that we can’t get Read Access with diradmin account within LDAP.

If the sync source is Google Secure LDAP, please check this article to see other reasons for LDAP error code 50: https://support.google.com/a/answer/9167101?hl=en .


For more information about PaperCut LDAP Synchronisations, see the following section of our manual.


Categories: Troubleshooting Articles , Authentication


Comments

Last updated February 15, 2024