annagapuz · August 19, 2021 14:14
diff --git a/LDAPAuthErrorCodes.txt b/LDAPAuthErrorCodes.txt
 The key portion of the error message is the javax.naming.AuthenticationException in brackets. Example:

 [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]
 The AD-specific error code after the 'data' word ('52e' in the above example) is the actual error string returned to the binding process and will provide an explicit reason for the failure;

 525 user not found  
 Description: Returns when username is invalid.

 52e invalid credentials  
 Description: Logon failure: unknown user name or bad password. Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.

 530 not permitted to logon at this time
 Description: Logon failure: account logon time restriction violation. Returns only when presented with valid username and password/credential.

 531 not permitted to logon at this workstation
 Description: Logon failure: user not allowed to log on to this computer. Returns only when presented with valid username and password/credential.

 532 password expired  
 Description: Logon failure: the specified account password has expired.  Returns only when presented with valid username and password/credential.

 533 account disabled  
 Description: Logon failure: account currently disabled. Returns only when presented with valid username and password/credential.

 701 account expired  
 Description: The user's account has expired. Returns only when presented with valid username and password/credential.

 773 user must reset password  
 Description: The user's password must be changed before logging on the first time. Returns only when presented with valid username and password/credential.

 775 user account locked
 Description: The referenced account is currently locked out and may not be logged on to. Returns even if invalid password is presented
	The key portion of the error message is the javax.naming.AuthenticationException in brackets. Example:

	[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]
	The AD-specific error code after the 'data' word ('52e' in the above example) is the actual error string returned to the binding process and will provide an explicit reason for the failure;

	525 user not found
	Description: Returns when username is invalid.

	52e invalid credentials
	Description: Logon failure: unknown user name or bad password. Returns when username is valid but password/credential is invalid. Will prevent most other errors from being displayed as noted.

	530 not permitted to logon at this time
	Description: Logon failure: account logon time restriction violation. Returns only when presented with valid username and password/credential.

	531 not permitted to logon at this workstation
	Description: Logon failure: user not allowed to log on to this computer. Returns only when presented with valid username and password/credential.

	532 password expired
	Description: Logon failure: the specified account password has expired. Returns only when presented with valid username and password/credential.

	533 account disabled
	Description: Logon failure: account currently disabled. Returns only when presented with valid username and password/credential.

	701 account expired
	Description: The user's account has expired. Returns only when presented with valid username and password/credential.

	773 user must reset password
	Description: The user's password must be changed before logging on the first time. Returns only when presented with valid username and password/credential.

	775 user account locked
	Description: The referenced account is currently locked out and may not be logged on to. Returns even if invalid password is presented