LDAP连接认证错误类型
ldap连接错误类型:
INVALID_CREDENTIALS: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
INVALID_CREDENTIALS: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1
Error code | Error | Description |
---|---|---|
525 | User not found | Returned when an invalid username is supplied. |
52e | Invalid credentials | Returned when a valid username is supplied but an invalid password/credential is supplied. If this error is received, it will prevent most other errors from being displayed. |
530 | Not permitted to logon at this time | Returned when a valid username and password/credential are supplied during times when login is restricted. |
531 | Not permitted to logon from this workstation | Returned when a valid username and password/credential are supplied, but the user is restriced from using the workstation where the login was attempted. |
532 | Password expired | Returned when a valid username is supplied, and the supplied password is valid but expired. |
533 | Account disabled | Returned when a valid username and password/credential are supplied but the account has been disabled. |
701 | Account expired | Returned when a valid username and password/credential are supplied but the account has expired. |
773 | User must reset password | Returned when a valid username and password/credential are supplied, but the user must change their password immediately (before logging in for the first time, or after the password was reset by an administrator). |
775 | Account locked out | Returned when a valid username is supplied, but the account is locked out. Note that this error will be returned regardless of whether or not the password is invalid. |
catch (Exception ex) { string extendError = ((System.DirectoryServices.DirectoryServicesCOMException)(ex)).ExtendedErrorMessage; if (extendError.Contains("data 773") || extendError.Contains("data 532")) { result = ADLoginResult.Success; } else { errMsg = ex.Message + "请联系管理员!"; } }
对上面的四种情况,得到的异常信息如下:
//下次登录必须修改密码 ,正确的密码
8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 773, v1db1
//下次登录必须修改密码 ,错误的密码
8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1
//密码过期 ,正确的密码
8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 532, v1db1
//密码过期 ,错误的密码
8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1
可以看出,当密码错误时,返回的错误信息中有data 52e的数据,可以依据异常信息中的这种差别来进行旧密码的校验。
参考:http://fwhyy.com/2015/09/csharp-operation-ad-to-modify-the-user-password/
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步