Summary: A fix for LDAP error 'Ldaperr: DSID-0C0903AA comment: AcceptSecurityContext error data 525 v1772'
Date: Around 2013
Refactor: 16 January 2025: Checked links and formatting.

While tooling around creating this page I came across this very annoying error:

autoyast:~ # ldapsearch -h 10.10.10.101 -D CN=saldap,CN=Users,DC=adldaptest,DC=local -w ******** -b DC=adldaptest,DC=local -x uid=sjoerd
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772

Turned out that when doing AD LDAP binds like this, you need to use the user principal name (userPrincipalName):

ldapsearch -h 10.10.10.101 -D saldap@adldaptest.local -w ******** -b DC=adldaptest,DC=local uid=sjoerd