I'm trying to find out more info on what causes Invalid Request (-641) errors. I have a two-server eDirectory tree. One server is eDir 9.2.8 and one is 9.2.7. There is an instance of SSPR installed that has both servers listed as an LDAP source. This tree is strictly used for LDAP-based authentication.
For some reason, when some users log in to SSPR, their login is failing and I see an "NDS Error: invalid request (-641)" in the SSPR log. SSPR reports it as a wrong password, but I think that is incorrect as I've verified the passwords are correct. I also see this in the LDAP trace log:
"Failed to authenticate full context on connection 0x82f73800, err = invalid request (-641)"
What's interesting is that all other applications that use the tree for LDAP (including Access Manager) are functioning fine. Only SSPR is having this issue.
This tree does have EBA enabled, but it's been enabled for a long time and this just started happening recently.
Any ideas? I have seen time drift a bit, so I'm leaning toward a time sync issue, but it's only been off 1 or 2 seconds at most, and I wouldn't think that would affect an LDAP bind. Unless SSPR is doing something different than a regular bind? Regardless, I'm pursuing getting that corrected.
Thanks.
Matt