Randomly getting LDAP error 49, data 52e for random users?

2023-09-08 13:18:49 Author: 帅癌晚期

The architecture is as follows:

WAS 7.0, 4 servers on 3 LPARs (12 instances); on them BPM is running, and the appliance on this matter is Business Space.

For ID we have AD DS (2 branches): one DC=principal.com, which is configured as the Global Catalog, and another one DC=principal.com.offices.

WAS is pointing to DC=principal.com on port 3268 (Global Catalog).

For less than 1% of the users we have the following error:

They try to log in but they can't and receive the message "Check your username and password", and in the logs we get the following message:

0000004c LTPAServerObj E  
SECJ0369E: Authentication failed when using LTPA. The exception is
CWWIM4529E  The password verification for the ' principal_name ' principal name failed 'e60083'. root cause: 'javax.naming.AuthenticationException:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v1db1]; Resolved object: 'com.sun.jndi.ldap.LdapCtx@519d519d''

A user was able to log in in the morning and has been getting the previously described error since the afternoon.

A user might be unable to log on from one computer and be able to do it from another one (on the same AD DS branch).

On another change control, not related to this issue, the WAS servers had to be restarted. The problem stopped immediately. And now it is starting again.

Any pointer to investigate would be very helpful. Thanks in advance.

Recommended answer

I'm not sure if this will help but it may get you started.

We saw this error on a DC that did not allow anonymous binding. We had to provide the admin username and password in order to bind to the LDAP server, then pass the credentials for the user to authenticate in the search request. We also found that you need to prepend the admin account with the domain short name, i.e. shortName\administrator.
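When triaging this kind of intermittent failure it helps to pull the AD subcode out of each "error code 49" message, because AD uses the "data" field to distinguish a bad password (52e) from account-state conditions that would also explain "works in the morning, fails in the afternoon" or "works from one workstation, not another". The parser below is an added example, not code from the question or the answer; the sample messages are constructed (the first mirrors the one quoted in the question, line break included) and the subcode table is the documented set of AD bind subcodes.

```python
import re

# AD subcodes in the "data NNN" field of an LDAP error 49 (hex, as AD prints
# them) and whether each is a credential problem rather than account state.
AD_BIND_SUBCODES = {
    "525": ("user not found", False),
    "52e": ("invalid credentials (bad password or unknown bind identity)", True),
    "530": ("logon not permitted at this time", False),
    "531": ("logon not permitted at this workstation", False),
    "532": ("password expired", False),
    "533": ("account disabled", False),
    "701": ("account expired", False),
    "773": ("user must reset password", False),
    "775": ("account locked out", False),
}

# Matches the AD diagnostic inside the JNDI AuthenticationException text.
DIAG_RE = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<status>[0-9A-Fa-f]+): LdapErr: "
    r"DSID-(?P<dsid>[0-9A-Fa-f]+), comment:\s*(?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+)"
)

def parse_ad_bind_error(text):
    """Return a dict describing the AD bind failure in a log message, or None."""
    m = DIAG_RE.search(text)
    if m is None:
        return None
    data = m.group("data").lower()
    meaning, cred = AD_BIND_SUBCODES.get(data, ("unrecognised AD subcode", False))
    return {
        "ldap_code": int(m.group("code")),
        "sec_status": m.group("status").upper(),  # e.g. 80090308
        "comment": m.group("comment").strip(),   # survives a wrapped line
        "data": data,
        "meaning": meaning,
        "credential_problem": cred,
    }

# Constructed samples; the first mirrors the message quoted in the question.
SAMPLE_MESSAGES = [
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:\n"
    "AcceptSecurityContext error, data 52e, v1db1]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
    "AcceptSecurityContext error, data 775, v1db1]",
    "[LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001]",
]
```

Running it over the SystemOut.log of each of the 12 instances and counting the "data" values per user shows whether the affected users really fail with 52e only, or whether some are hitting 531/775-style conditions that the generic "check your username and password" message hides.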