LDAP Error Code Messaging

Daniel Fisher dfisher at vt.edu
Mon Nov 5 23:25:25 EST 2018

On Mon, Nov 5, 2018 at 4:26 PM Lille M <lillemacdoe at gmail.com> wrote:

> org.ldaptive.LdapException: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Account inactivated. Contact system administrator.]
>     at net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP.doExecute(ValidateUsernamePasswordAgainstLDAP.java:187)

You need to configure a response handler to produce an account state.
Ldaptive doesn't ship with one specific to 389 directory server, but it
does have one for FreeIPA which I believe is based on 389.
Add to ldap-authn-config.xml:
<bean id="authenticationResponseHandler"
      class="org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler">
  <constructor-arg value="0" />
  <constructor-arg value="0" />
  <constructor-arg value="0" />
</bean>

(I left the constructor args at zero assuming you're not interested in
configuring account states for successful authentication.)
If the response handler works you should be able to match on

--Daniel Fisher