IDP 3.1 LDAP Authn without SSL

Peter Schober peter.schober at
Thu May 21 04:16:04 EDT 2015

* NPTabunakawai <nimcee at> [2015-05-21 09:32]:
> From some of the previous posts I gathered that it was possible to
> connect to ldap without ssl.

The Shibboleth IDP software does not mandate that you connect to your
LDAP DSA over TLS (or using the unspecified LDAPS protocol).
But your LDAP DSA might very well.
The former is software implementation, the latter your local LDAP
deployment decisions.

> org.ldaptive.LdapException: javax.naming.AuthenticationException: [LDAP:
> error code 49 - 80090308: LdapErr: DSID-0C090334, comment:
> AcceptSecurityContext error, data 525, vece]

LDAP result message 49 is "invalidCredentials", cf. RFC 4511.
Check the documentation for your LDAP implementation (or search the
web) whether any of the other codes here give additional insight into
the error messge from your LDAP DSA.

More information about the users mailing list