What permissions are needed to perform an LDAP bind to an Active Directory server? I have a central domain (call it MAIN) that has two-way trusts to domains in other forests (call them REMOTE and FARAWAY).
Using MAIN\myaccount as the username and my password I can bind to REMOTE fine, but not to FARAWAY; I get an invalid credentials response:
80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
In all other ways the trusts seem to work fine.
What permissions do I need to check to figure out why the bind is failing? My understanding is that anyone in AUTHENTICATED USERS should be able to bind to LDAP, but that only seems to hold true for some domains and not others.
Error 49, subtype 525 is bad user DN, i.e., the bind DN is not a valid object in the directory.
Error 525 is actually a DN not being found; you can take a look at this thread on the Oracle forums: http://forums.sun.com/thread.jspa?threadID=703398
Your error isn't that you don't have permission to bind, but that you are binding to a non-existent DN. Please be aware that LDAP DNs do not look like Active Directory usernames, but that they use a different format.
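Added example (not part of the original posts): a Python parser for the diagnostic string quoted in the question, which extracts the hex `data` sub-code and reports which form the bind name is in. The function names are made up for illustration, and the sub-code table lists the commonly documented Active Directory values.

```python
import re

# Hex "data" sub-codes Active Directory reports on a failed bind (LDAP error 49).
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "not permitted to log on at this time",
    0x531: "not permitted to log on at this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

DIAG_RE = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+)"
)

def parse_bind_error(message):
    """Split an AD bind diagnostic message into fields; None if it is not one."""
    m = DIAG_RE.search(message)
    if m is None:
        return None
    sub = int(m.group("data"), 16)  # the sub-code is printed in hex
    return {
        "code": m.group("code"),
        "dsid": m.group("dsid"),
        "comment": m.group("comment"),
        "subcode": sub,
        "meaning": AD_BIND_SUBCODES.get(sub, "unknown sub-code"),
    }

def bind_name_format(name):
    """Classify a bind identity: 'dn', 'down-level' (DOMAIN\\user), 'upn' or 'bare'."""
    name = name.strip()
    if re.match(r"[A-Za-z][A-Za-z0-9-]*\s*=", name):
        return "dn"
    if "\\" in name:
        return "down-level"
    return "upn" if "@" in name else "bare"

if __name__ == "__main__":
    # Error string from the question; the bind name is the one the asker describes.
    msg = "80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893"
    info = parse_bind_error(msg)
    print(f"sub-code {info['subcode']:x}: {info['meaning']}")
    print("bind name format:", bind_name_format("MAIN\\myaccount"))
```

Sub-code 525 means the server could not resolve the bind name to an account, which is a different failure from 52e, where the account was found but the password was rejected.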