Why this page exists
Most search results split LDAP result codes, AD subcodes, and operational fixes across RFCs, vendor KBs, and forum threads. This page turns a pasted error into one short checklist.
LDAP bind troubleshooting
LDAP Error Code Checker
Paste an LDAP bind error and identify the LDAP result code, Active Directory data subcode, likely cause, and next checks.
Paste the raw error
Works with common AD, JNDI, Spring LDAP, and directory bind messages that include values like error code 49 or data 52e.
Best first use case
Use it when a login, bind, sync, SSO connector, or SaaS directory integration fails with LDAP result code 49 or an AD diagnostic data value.
Common Active Directory data subcodes
| Data | Meaning | First check |
|---|---|---|
| 525 | User not found | Bind DN, UPN, search base, domain suffix |
| 52e | Invalid credentials | Password, escaping, service account secret rotation |
| 530 | Not permitted to log on at this time | Logon hours policy |
| 531 | Not permitted to log on from this workstation | Workstation restrictions |
| 532 | Password expired | Password age and reset policy |
| 533 | Account disabled | Account status |
| 701 | Account expired | Account expiration date |
| 773 | User must reset password | Password reset required flag |
| 775 | Account locked | Lockout policy and failed login source |
Public references
Need a team runbook?
Turn repeated LDAP login failures into a one-page internal checklist with fields for app, bind DN, DC, result code, AD data code, and owner.
Request a template