LDAP error code 49 – Failed, invalid credentials – user cannot log in to Connections

A customer had a problem with a single user not being able to authenticate with Connections. The user had an active profile and they use Domino LDAP.

The SystemOut.log showed:

[1/5/15 13:27:31:824 GMT] 00000190 LTPAServerObj E   SECJ0369E: Authentication failed when using LTPA. The exception is com.ibm.websphere.wim.exception.PasswordCheckFailedException: CWWIM4529E  The password verification for the ‘juser’ principal name failed. Root cause: ‘javax.naming.AuthenticationException: [LDAP: error code 49 – Failed, invalid credentials for CN=Joe User,OU=xxx,OU=xx,o=xxx]; Resolved object: ‘com.sun.jndi.ldap.LdapCtx@8dd3a48”..
[1/5/15 13:27:31:825 GMT] 00000190 FormLoginExte E   SECJ0118E: Authentication error during authentication for user juser

Looking in the associated FFDC log, I found:

Caused by: com.ibm.websphere.wim.exception.AuthenticationNotSupportedException:
CWWIM4530E  The authentication is not supported by the ‘xxx LDAP’ repository. Root cause: ‘javax.naming.AuthenticationNotSupportedException: [LDAP: errorcode 48 – Failed, server access denied]; Resolved object: ‘com.sun.jndi.ldap.LdapCtx@af24747e”

“errorcode 48 – Failed, server access denied” interested me, but I couldn’t find a reference to it anywhere.

The user’s person document looked OK. I asked the customer if the user was in any deny access groups, which turned out to be the cause of the problem. The user had been added to a deny access group for the LDAP server. Removing her from that group allowed her to authenticate.
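
The triage above as an added example (not part of the original post and not IBM code): Python that extracts the LDAP result codes from the SystemOut.log and FFDC excerpts and flags the case where a surface error 49 has a root-cause error 48. The function names, the verdict strings and the shortened sample log text are assumptions made for illustration; the verdict for 49 plus 48 is a heuristic based on the single case described here.

```python
import re

# LDAP result codes named on this page; standard meanings per RFC 4511,
# with the Domino wording that appears in the FFDC log above.
LDAP_CODES = {
    48: "inappropriateAuthentication (Domino text: 'server access denied')",
    49: "invalidCredentials",
}

# The logs spell it two ways: "error code 49" and "errorcode 48".
# The separator after the number may be a hyphen or an en dash.
LDAP_ERR = re.compile(r"LDAP:\s*error\s?code\s+(\d+)\s*[-\u2013]\s*([^\]]+)\]", re.I)
PRINCIPAL = re.compile(r"for the [\u2018'](.+?)[\u2019'] principal name")


def ldap_errors(text):
    """Return [(code, server_message)] for every LDAP error found in text."""
    return [(int(code), msg.strip()) for code, msg in LDAP_ERR.findall(text)]


def triage(systemout, ffdc):
    """Combine SystemOut.log and FFDC findings into one verdict."""
    who = PRINCIPAL.search(systemout)
    surface = {code for code, _ in ldap_errors(systemout)}
    root = {code for code, _ in ldap_errors(ffdc)}
    if 49 in surface and 48 in root:
        # The case on this page: the password was not the problem.
        verdict = "directory denied access: check deny access groups for the LDAP server"
    elif 49 in surface:
        verdict = "invalid credentials: check password and account state"
    else:
        verdict = "no LDAP bind failure found"
    return {"principal": who.group(1) if who else None,
            "codes": sorted(surface | root), "verdict": verdict}


# Constructed sample input, shortened from the log lines on this page.
SYSTEMOUT = ("SECJ0369E: Authentication failed when using LTPA. ... CWWIM4529E  "
             "The password verification for the \u2018juser\u2019 principal name failed. "
             "Root cause: \u2018javax.naming.AuthenticationException: [LDAP: error code 49 "
             "\u2013 Failed, invalid credentials for CN=Joe User,OU=xxx,OU=xx,o=xxx]")
FFDC = ("CWWIM4530E  The authentication is not supported by the \u2018xxx LDAP\u2019 "
        "repository. Root cause: \u2018javax.naming.AuthenticationNotSupportedException: "
        "[LDAP: errorcode 48 \u2013 Failed, server access denied]")

if __name__ == "__main__":
    print(triage(SYSTEMOUT, FFDC))
```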