LDAP connection authentication error types
LDAP connection error types:
```
INVALID_CREDENTIALS: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
INVALID_CREDENTIALS: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1
```

| Error code | Error | Description | 
|---|---|---|
| 525 | User not found | Returned when an invalid username is supplied. | 
| 52e | Invalid credentials | Returned when a valid username is supplied but an invalid password/credential is supplied. If this error is received, it will prevent most other errors from being displayed. | 
| 530 | Not permitted to logon at this time | Returned when a valid username and password/credential are supplied during times when login is restricted. | 
| 531 | Not permitted to logon from this workstation | Returned when a valid username and password/credential are supplied, but the user is restricted from using the workstation where the login was attempted. | 
| 532 | Password expired | Returned when a valid username is supplied, and the supplied password is valid but expired. | 
| 533 | Account disabled | Returned when a valid username and password/credential are supplied but the account has been disabled. | 
| 701 | Account expired | Returned when a valid username and password/credential are supplied but the account has expired. | 
| 773 | User must reset password | Returned when a valid username and password/credential are supplied, but the user must change their password immediately (before logging in for the first time, or after the password was reset by an administrator). | 
| 775 | Account locked out | Returned when a valid username is supplied, but the account is locked out. Note that this error will be returned regardless of whether or not the password is invalid. | 
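
```csharp
catch (Exception ex)
{
    // Only DirectoryServicesCOMException carries the AD extended error text.
    // Use "as" so that any other exception type does not raise InvalidCastException here.
    string extendError =
        (ex as System.DirectoryServices.DirectoryServicesCOMException)?.ExtendedErrorMessage
        ?? string.Empty;

    if (extendError.Contains("data 773") || extendError.Contains("data 532"))
    {
        // 773 (user must reset password) and 532 (password expired) are only
        // returned when the supplied password is correct, so treat it as verified.
        result = ADLoginResult.Success;
    }
    else
    {
        // The literal means "Please contact the administrator!"
        errMsg = ex.Message + "请联系管理员!";
    }
}
```
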
For the four cases above, the exception messages obtained are as follows:

```
// Must change password at next logon, correct password
8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 773, v1db1
// Must change password at next logon, wrong password
8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1
// Password expired, correct password
8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 532, v1db1
// Password expired, wrong password
8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1
```

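As can be seen, when the password is wrong, the returned error message contains `data 52e`. This difference between the exception messages can be used to verify the old password.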
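
The sub-code check described above, generalized to every code in the table, as an added Python example (not code from the original post or the referenced article). The names `classify_bind_failure` and `BindFailure` and the user-facing message texts are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# Sub-codes and meanings copied from the table on this page.
AD_SUBCODES = {
    "525": "User not found",
    "52e": "Invalid credentials",
    "530": "Not permitted to logon at this time",
    "531": "Not permitted to logon from this workstation",
    "532": "Password expired",
    "533": "Account disabled",
    "701": "Account expired",
    "773": "User must reset password",
    "775": "Account locked out",
}
# The same two codes the C# catch block treats as "old password was correct".
OLD_PASSWORD_VERIFIED = {"532", "773"}
_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-f]+),", re.I)

class BindFailure(NamedTuple):
    subcode: Optional[str]       # hex sub-code after "data", or None if absent
    reason: str                  # detailed reason, for server-side logs only
    old_password_verified: bool
    user_message: str            # text the caller may show to the user

def classify_bind_failure(message: str) -> BindFailure:
    m = _DATA_RE.search(message or "")
    subcode = m.group(1).lower() if m else None
    reason = AD_SUBCODES.get(subcode, "Unrecognized bind error")
    verified = subcode in OLD_PASSWORD_VERIFIED
    # Assumption of this example: every other failure gets one generic
    # message, so 525 vs 52e does not reveal which usernames exist.
    user_message = ("Password accepted; set a new password." if verified
                    else "Sign-in failed. Contact the administrator.")
    return BindFailure(subcode, reason, verified, user_message)

# Error strings quoted on this page.
SAMPLES = [
    "80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580",
    "80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1",
    "8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 773, v1db1",
    "8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 532, v1db1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify_bind_failure(line))
```
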

Reference: http://fwhyy.com/2015/09/csharp-operation-ad-to-modify-the-user-password/