Article Applies To: 

Affected SonicWALL Security Appliance Platforms:

Gen6: NSA E10800, NSA E10400, NSA E10200, NSA E10100
Gen5: NSA E8510, E8500, NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 2400 MX, NSA 240, NSA 220, NSA 220 /W, NSA 250M, NSA 250M /W.
Gen5 TZ Series: TZ 100, TZ 100 Wireless, TZ 200, TZ 200 W, TZ 210, TZ 210 W, TZ 215, TZ 215 W, TZ 105, TZ 105 W, TZ 205, TZ 205 W.
Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060, PRO 3060, PRO 2040, PRO 1260.
Gen4: TZ series: TZ 190, TZ 190 W, TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless


Firmware/Software Version:
SonicOS Enhanced 3.0 and above
Services: LDAP


Problem Definition:

The error "Credentials not valid at LDAP server - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1771" is displayed in the LDAP configuration window either when testing a user under the Test tab or when auto-configuring LDAP users and user groups under the Directory tab.

When this error occurs the following log message is generated. From the log message it is evident that this is an LDAP Bind error. When integrating SonicWALL with an LDAP server, the user entered under Login user name of the LDAP > Settings tab makes a Bind request. This request could fail if the username, password or the directory entered under User tree for login to server is incorrect.

Resolution or Workaround:

Check the following to correct this issue:
  • That the Login user name on the LDAP > Settings tab (if Give login name/location in tree is selected) is the display name and not the username. For example, John Doe is a display name and jdoe is the username.
  • That the above user is in the directory entered under User tree for login to server. This is normally the Users directory.
  • If Give bind distinguished name is selected under LDAP > Settings, make sure it is correct. For example, this is the DN of an administrator in the Users directory:
    CN=Administrator,CN=Users,DC=hal-2010,DC=local
  • That the password entered is correct.

Note: The user to bind to the LDAP server could be a normal domain user and need not be an administrator.
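
The following Python sketch is an added example, not part of the original article or of SonicWALL's code. It parses the error string shown above, converts the data sub-code (a Win32 logon error written in hex) to its meaning, and builds the DN that a display-name login corresponds to. It goes beyond the 52e case by listing other common Active Directory sub-codes; the function names are illustrative, and it assumes the user tree is supplied in DN form and that entries are named CN=<display name>.

```python
import re

# Active Directory puts a Win32 logon error, in hex, in the "data" field.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (wrong bind name, user tree or password)",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}
ERR_RE = re.compile(
    r"(?P<sspi>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+)"
)
# Error text quoted in this article.
SAMPLE = ("Credentials not valid at LDAP server - 80090308: LdapErr: "
          "DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1771")

def parse_bind_error(message):
    """Return the fields of an AD bind failure, or None if not one."""
    m = ERR_RE.search(message)
    if m is None:
        return None
    code = int(m.group("data"), 16)
    return {
        "dsid": m.group("dsid"),
        "comment": m.group("comment").strip(),
        "win32_error": code,
        "meaning": AD_BIND_SUBCODES.get(code, "unlisted sub-code"),
    }

def escape_rdn_value(value):
    """Escape characters that are special in a DN value (RFC 4514)."""
    value = re.sub(r'([,+"\\<>;=])', r"\\\1", value)
    if value.endswith(" "):
        value = value[:-1] + "\\ "
    if value.startswith((" ", "#")):
        value = "\\" + value
    return value

def candidate_bind_dn(login_name, user_tree_dn):
    """Assumption: the entry is CN=<display name> directly under the tree."""
    return "CN=%s,%s" % (escape_rdn_value(login_name), user_tree_dn)

if __name__ == "__main__":
    print(parse_bind_error(SAMPLE))
    print(candidate_bind_dn("John Doe", "CN=Users,DC=hal-2010,DC=local"))
```

Comparing the printed DN with the entry's actual distinguishedName on the directory server shows at once whether the login name or the user tree is the wrong value.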