Bind error in 3.3.0 (LdapErr: DSID-0C090DC0) #1127

@jankoh

Hi,

Beginning with Spring Boot 3.5 (Spring LDAP 3.3.0) we get the following error on our customer's (Microsoft/Azure) LDAP server:

2025-07-04T09:00:11.698Z ERROR 236 --- [roundjob-worker] d.n.a.b.user.sync.UserSyncScheduler      : User sync: Exception caught:
org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing
 at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:230) ~[spring-ldap-core-3.3.1.jar!/:3.3.1]
 at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:404) ~[spring-ldap-core-3.3.1.jar!/:3.3.1]
 at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:338) ~[spring-ldap-core-3.3.1.jar!/:3.3.1]
 at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:636) ~[spring-ldap-core-3.3.1.jar!/:3.3.1]
 at de.n4.aitool.backend.user.sync.UserSyncAdService.queryUser$lambda$3(UserSyncAdService.kt:84) ~[!/:0.0.1-SNAPSHOT]
 at org.springframework.ldap.core.support.SingleContextSource.doWithSingleContext(SingleContextSource.java:163) ~[spring-ldap-core-3.3.1.jar!/:3.3.1]
 at org.springframework.ldap.core.support.SingleContextSource.doWithSingleContext(SingleContextSource.java:121) ~[spring-ldap-core-3.3.1.jar!/:3.3.1]
 at de.n4.aitool.backend.user.sync.UserSyncAdService.queryUser(UserSyncAdService.kt:79) ~[!/:0.0.1-SNAPSHOT]
 at de.n4.aitool.backend.user.sync.UserSyncAdService.querySingleConfig(UserSyncAdService.kt:50) ~[!/:0.0.1-SNAPSHOT]
 at de.n4.aitool.backend.user.sync.UserSyncScheduler.getAdUsers(UserSyncScheduler.kt:207) ~[!/:0.0.1-SNAPSHOT]
 at de.n4.aitool.backend.user.sync.UserSyncScheduler.syncUsers(UserSyncScheduler.kt:143) ~[!/:0.0.1-SNAPSHOT]
 at de.n4.aitool.backend.user.sync.UserSyncScheduler.syncUsersScheduledTask(UserSyncScheduler.kt:62) ~[!/:0.0.1-SNAPSHOT]
 at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[na:na]
 at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[na:na]
 at org.jobrunr.server.runner.AbstractBackgroundJobRunner$BackgroundJobWorker.invokeJobMethod(AbstractBackgroundJobRunner.java:65) ~[jobrunr-7.5.2.jar!/:7.5.2]
 at org.jobrunr.server.runner.AbstractBackgroundJobRunner$BackgroundJobWorker.run(AbstractBackgroundJobRunner.java:39) ~[jobrunr-7.5.2.jar!/:7.5.2]
 at org.jobrunr.server.runner.AbstractBackgroundJobRunner.run(AbstractBackgroundJobRunner.java:21) ~[jobrunr-7.5.2.jar!/:7.5.2]
 at org.jobrunr.server.BackgroundJobPerformer.runActualJob(BackgroundJobPerformer.java:95) ~[jobrunr-7.5.2.jar!/:7.5.2]
 at org.jobrunr.server.BackgroundJobPerformer.performJob(BackgroundJobPerformer.java:68) ~[jobrunr-7.5.2.jar!/:7.5.2]
 at org.jobrunr.server.BackgroundJobPerformer.run(BackgroundJobPerformer.java:46) ~[jobrunr-7.5.2.jar!/:7.5.2]
 at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) ~[na:na]
 at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) ~[na:na]
 at java.base/java.lang.VirtualThread.run(VirtualThread.java:329) ~[na:na]
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090DC0, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4f7c]
 at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3300) ~[na:na]
 at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3206) ~[na:na]
 at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2997) ~[na:na]
 at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1876) ~[na:na]
 at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1799) ~[na:na]
 at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392) ~[na:na]
 at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358) ~[na:na]
 at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341) ~[na:na]
 at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:346) ~[na:na]
 at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[na:na]
 at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[na:na]
 at org.springframework.ldap.core.support.SingleContextSource$NonClosingDirContextInvocationHandler.invoke(SingleContextSource.java:209) ~[spring-ldap-core-3.3.1.jar!/:3.3.1]
 at jdk.proxy2/jdk.proxy2.$Proxy156.search(Unknown Source) ~[na:na]
 at org.springframework.ldap.core.LdapTemplate.lambda$search$3(LdapTemplate.java:332) ~[spring-ldap-core-3.3.1.jar!/:3.3.1]
 at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:370) ~[spring-ldap-core-3.3.1.jar!/:3.3.1]
 ... 21 common frames omitted

The LDAP context is generated as

    fun getLdapContextSource(
        syncAdServerModel: SyncAdServerRecord,
        ldapCredential: LdapCredential
    ): LdapContextSource =
        LdapContextSource().apply {
            setUrl("${syncAdServerModel.typeLdap}://${syncAdServerModel.serverName}:${syncAdServerModel.serverPort}")
            userDn = ldapCredential.username
            password = ldapCredential.password

            // needed to fully initialize the object
            afterPropertiesSet()
        }

and later used via

    ...
    SingleContextSource.doWithSingleContext<Collection<MyModel>>(ldapContextSource) { ... }

The code still runs fine for Spring Boot 3.5 on our test deployments using OpenLDAP (version 2.5.13+dfsg-5 on Debian stable) but not in our customer's deployment. They do have the "LDAP Channel Binding" option active, which might be a problem in Spring-LDAP 3.3 while not being a problem in earlier versions.

As far as I've been told, there are no logging entries available on the LDAP side, we only have the exception message.

Did I miss something in the new version? Or is this a bug?

Best regards Jan
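
Added example (not part of the original post or of Spring LDAP): a small Python triage helper for the Active Directory diagnostic string in the exception above. It separates a rejected bind (LDAP result 49) from an operation issued on a connection with no completed bind (result 1 with 000004DC, as reported here); the second sample line and the sub-code table are constructed for contrast and are assumptions, not data from the report.

```python
import re

# LDAP result codes (RFC 4511) relevant to bind problems.
LDAP_RESULT = {1: "operationsError", 8: "strongerAuthRequired", 49: "invalidCredentials"}
# Win32 code AD places first in the diagnostic message (only the one on the page).
WIN32 = {0x4DC: "ERROR_NOT_AUTHENTICATED"}
# "data" sub-codes AD reports when a bind is rejected (result 49).
BIND_DATA = {0x52E: "invalid credentials", 0x532: "password expired",
             0x533: "account disabled", 0x775: "account locked out"}

AD_DIAG = re.compile(
    r"\[LDAP: error code (?P<result>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"(?P<source>\w+): DSID-(?P<dsid>[0-9A-Fa-f]+), comment: (?P<comment>.*?), "
    r"data (?P<data>[0-9A-Fa-f]+), v(?P<build>[0-9A-Fa-f]+)\]"
)

def parse_ad_error(line):
    """Return the fields of an AD diagnostic message, or None if absent."""
    m = AD_DIAG.search(line)
    if m is None:
        return None
    d = m.groupdict()
    d["result"] = int(d["result"])
    d["win32"] = int(d["win32"], 16)
    d["data"] = int(d["data"], 16)
    return d

def triage(line):
    """Separate 'bind was rejected' from 'operation ran on an unbound connection'."""
    e = parse_ad_error(line)
    if e is None:
        return "no AD diagnostic message"
    if e["result"] == 49:
        return "bind rejected: " + BIND_DATA.get(e["data"], "data %x" % e["data"])
    if e["win32"] in WIN32:
        return "%s (%s): operation sent without a completed bind" % (
            LDAP_RESULT.get(e["result"], e["result"]), WIN32[e["win32"]])
    return "unclassified result %d" % e["result"]

# First line is the message from the report; the second is constructed for contrast.
SAMPLES = [
    "javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090DC0, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4f7c]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 52e, v0000]",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s))
```

The message in this report classifies as an operation on an unauthenticated connection, not as a credential rejection, which is why no bind failure appears in the trace.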
