Ldap error 32 with AD, everything seems to be ok.

Hello everybody, I am trying to fix this problem for hours now. I already read about this error in a couple of farums. But my settings seems to be right!, so I dont know what I am missing!.

Well, I used to use ApacheDS (all the logic is working fine with ApacheDS), but I want to change to AD. So I created this AD structure:

dc=mycompany,dc=com
-->O=domain1
----->OU=people
--------uid=juan.seon
--------uid=peter.some

And I have created a manager User in the configuration with all the right.

Spring security configurations and values:

<ldap-server id="ldapServer" url="^{ldap.server.url}"
manager-dn="^{ldap.server.manager.dn}"
manager-password="^{ldap.server.manager.password}"/>

<bean id="TBindAuthenticator" class="com.mycompany.security.client.authenticatio n.TBindAuthenticator">
<constructor-arg ref="ldapServer" />
<property name="bindDnPatterns">
<list><value>^{security.ldap.bind.pattern}</value></list>
</property>
</bean>

ldap.server.manager.dn=CN=Administrator,CN=Roles,C N=Configuration,CN={B74FC0BD-AFE5-410C-B342-56E712FAC060}
ldap.server.manager.password=secret
security.ldap.bind.pattern=uid={0},OU=people,O={1}

So, here is where is failing:

DirContext ctx = null;
try {
ctx = getContextSource().getContext(fullDn.toString(), password);

Attributes attrs = ctx.getAttributes(userDn, getUserAttributes());
...

When I get the Context (getContextSource().getContext(fullDn.toString(), password);) I need to autenticate agains the AD. If the credentials are fine, then I am authenticated, otherwise, this trhow an exeption (LDAP: error code 49). So, I am authenticating agains the AD and I believe all the conection is working fine.

But, when I enter the correct credentials, then I want so get the attributes. So, I am specifing the userdn (uid=juan.seon,ou=people,o=domain1) not the full DN. (I hear in the forum that this could be the problem, If I use the FullDN then I should get ldap error:32, but this is not the case).

I am very confused about this, I think could be something related to the configurations in AD (I am new to AD). Configurations about the users? or the adminUser perhaps?? Any idea?

Thanks in advance.

a new admin user under the partition "dc=mycompany,dc=com". But this was not the problem. The problem was that each user need to have the "READERS" role. So In the role "READERS" I added the user to the member attribute, and this was the solution. Not sure if this is the best solution, and I am not sure to fully understand Why!.

Does anybody know the answer?

Thanks!