ldap错误代码8得到了一些人

Question

我有一些问题。

列出的错误：

LDAP error code 8 - server log javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090202, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580 ]

- problem action(?) 
    client to login request to server. 
    and server send request to LDAP. 
    some people login sucess. but, other some people login failed. 
    LDAP response error code 8, and server log got [javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090202, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580 ]] 

    but i using LDAP. no LDAPS. 

- some people said check under #1. 
    - #1. KRDOM01 : HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ NTDS \ Parameters \ LDAPServerIntegrity = 1 

    but #1 setting LDAPServerIntegrity = 1 

- my code was 
    Hashtable<String, Object> env = new Hashtable<String, Object>(); 
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); 
    env.put(Context.PROVIDER_URL, "ldap://"+host+":"+port); 
    env.put(Context.SECURITY_AUTHENTICATION, "simple"); 
    env.put(Context.SECURITY_PRINCIPAL, principal); 
    env.put(Context.SECURITY_CREDENTIALS, pwd); 



why some people login ok, why some people got fail? 

请帮助我。

Answer 1

这些错误表明您的LDAP服务器设置为需要签名。

如果使用SSL进行连接，然后将数据签名不是required.4

如果你能做出一个成功的绑定，然后我就“猜”你先连接服务器没有启用签约并且您被引用到已启用签名的域控制器。

参见： https://support.microsoft.com/en-us/help/2545140/fast-esp-unable-to-use-active-directory-accounts-for-authentication-login-fails-with-ldaperr-dsid-0c0901fc