Common LDAP Errors
LDAP can be used by PaperCut NG/MF for user authentication and for retrieving user and group lists as part of our synchronisation process. It’s the most common alternative to Microsoft’s Active Directory.
This article describes common LDAP errors and provides suggested solutions if you encounter them. This will be when running the PaperCut NG/MF User/Group synchronisation either as a live synchronisation or as a test synchronisation. When the synchronisation runs it should output the error in a newly created synchronisation window or alternatively you can view the same error in a more verbose log output within the server.log
file located in [app-path]\server\logs
at the same time and date it was run.
Error code 49 - Invalid Credentials
This error indicates that the admin DN
authentication details entered in PaperCut LDAP settings are not valid.
Possible causes for this error are:
- The admin password had been entered incorrectly.
- The admin password had been entered incorrectly on the PaperCut Service Accounts when using a Multi-Domain configuration with PaperCut NG/MF.
- The admin password has expired.
- The
admin DN
is not a valid user.
Additionally when viewing this error either in the Synchronisation log output or viewing the error in the server.log
file, with this particular error it may list a data value, for example:
javax.naming.`AuthenticationException`: [LDAP: error code 49 - 80090308: `LdapErr`: DSID-0C09042F, comment: `AcceptSecurityContext` error, **data 52e**, v2580]
In this example, you can see in the below table that the 52e value means Invalid Credentials. Below you can refer to other common data values and their meanings:
525 | User not found. |
52e | Invalid credentials. |
530 | Not permitted to logon at this time. |
531 | Not permitted to logon at this workstation. |
532 | Password expired. |
533 | Account disabled. |
701 | Account expired. |
773 | User must reset password. |
775 | User account locked. |
Error code 50 - Insufficient Access Rights
This error indicates that we can’t get Read Access with diradmin
account within LDAP.
If the sync source is Google Secure LDAP, please check this article to see other reasons for LDAP error code 50: https://support.google.com/a/answer/9167101?hl=en .
For more information about PaperCut LDAP Synchronisations, see the following section of our manual.
Categories: Troubleshooting Articles , Authentication
Last updated February 15, 2024
Comments