Can't get connection with AD from Java

Published 2020-03-31 08:40

Question:

I'm trying to retrieve some information from MS AD: members of a specific branch, department names, positions, etc.

I used a lot of examples, including Apache Directory LDAP API and UnboundID, but I can't get the connection with AD.

RDNs:

C:\Users\Aleksey> whoami /fqdn
       CN=my common name here,
       OU=my organization unit here,
       OU=organization unit 2 here,
       OU=organization unit 1 here,
       OU=main organization unit here,
       DC=.my domain here,
       DC=domain 2 here,
       DC=main domain here

For searching, I use the following filter:

import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;

public class LdapRetriever {
    public static void main (String[] args) {
        Hashtable<String, String> env = new Hashtable<>();

        env.put(Context.INITIAL_CONTEXT_FACTORY, 
            "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + 
            "ip of domain controller here" + ":389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Also I try to use the following SECURITY_PRINCIPAL: 
        // my login only, my domain\ my login
        env.put(Context.SECURITY_PRINCIPAL, "my login here" + "@" + 
            "my domain here.domain 2 here.main domain here");
        env.put(Context.SECURITY_CREDENTIALS, "my password here");

        try {           
            // The bind happens here; this is where the AuthenticationException is thrown
            DirContext ctx = new InitialLdapContext(env, null);
            String returnedAtts[] = {"sn", "title", "department", "givenName"};

            SearchControls searchCtls = new SearchControls();  
            searchCtls.setReturningAttributes(returnedAtts);  
            searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            String searchFilter = "(&(objectClass=user)(cn=*))";
            String searchBase = 
                "DC=my domain here,DC=domain 2 here,DC=main domain here";

            NamingEnumeration<SearchResult> answer = ctx.search(searchBase, 
                searchFilter, searchCtls);
            // ... (handling of the results is omitted in the original post)
        } catch (NamingException e) {
            System.err.println("Problem searching directory: " + e);
        }
    }
}

When I create the directory context by using data from the env I get an exception:

Exception in thread "main" javax.naming.AuthenticationException: 
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 531, vece

If the password is not specified, I get the following exception:

Problem searching directory: 
javax.naming.NamingException:[LDAP:error code 1 - 00000000: 
LdapErr: DSID-0C090627, comment: 
In order to perform this operation a successful bind must be completed 
on the connection., data 0, vece]; remaining name 
'DC=my domain here,DC=domain 2 here,DC=main domain here'

I have verified that my account is not locked.

According to the list of common Active Directory LDAP bind errors:

525  user not found
52e  invalid credentials
530  not permitted to logon at this time
531  not permitted to logon at this workstation
532  password expired
533  account disabled
701  account expired
773  user must reset password
775  user account locked

In my case it means "not permitted to logon at this workstation", but with the same credentials I can log on to the domain.

What could be the reason?
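As an added example (not part of the original question or any of the answers), here is a small Java helper that pulls the "data" sub-code out of an AD bind failure message and maps it to the table above; the class and method names are my own, and the sample messages are the two exceptions quoted in the question.

```java
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Decodes the "data NNN" sub-code that AD appends to an LDAP error 49 (bind) failure.
// Added example; AdBindErrorDecoder and its methods are hypothetical names.
public class AdBindErrorDecoder {
    // Sub-codes from the table in the question, keyed by the lower-case hex AD prints.
    private static final Map<String, String> SUBCODES = Map.of(
        "525", "user not found",
        "52e", "invalid credentials",
        "530", "not permitted to logon at this time",
        "531", "not permitted to logon at this workstation",
        "532", "password expired",
        "533", "account disabled",
        "701", "account expired",
        "773", "user must reset password",
        "775", "user account locked");

    // AD writes the comment as "... AcceptSecurityContext error, data 531, vece"
    private static final Pattern DATA = Pattern.compile("\\bdata\\s+([0-9a-fA-F]+)\\b");

    // Returns the sub-code only for a bind failure (error code 49). Other errors carry a
    // "data" field too (the search without a bind reports "data 0"), but it is not a bind code.
    public static Optional<String> extractSubCode(String message) {
        if (message == null || !message.contains("error code 49")) return Optional.empty();
        Matcher m = DATA.matcher(message);
        return m.find() ? Optional.of(m.group(1).toLowerCase()) : Optional.empty();
    }

    public static String explain(String message) {
        return extractSubCode(message)
            .map(code -> code + ": " + SUBCODES.getOrDefault(code, "sub-code not in table"))
            .orElse("not an LDAP error 49 bind failure (or no data sub-code present)");
    }

    public static void main(String[] args) {
        // Constructed sample input: the two exception messages quoted in the question.
        String bindFailure = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: "
            + "AcceptSecurityContext error, data 531, vece]";
        String noBind = "[LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: "
            + "In order to perform this operation a successful bind must be completed "
            + "on the connection., data 0, vece]";
        System.out.println(explain(bindFailure));
        System.out.println(explain(noBind));
    }
}
```

In the LdapRetriever code above you would call explain(e.getMessage()) from the catch block, so a 531 is reported as a workstation restriction rather than a generic bad password.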

Answer 1:

Error code 531 is most likely related to a configuration of the AD. In some cases a user is restricted to log in from only one workstation, for example your working PC.
This is configured in the userWorkstations field of the user.
When you can't log in to your AD using RDP, you need your AD admin to check your account for this field and make sure that the AD server is included in your userWorkstations or the field is removed completely.



Answer 2:

My project uses LDAP auth. I have compared your sources with my implementation. They are identical except for the SECURITY_PRINCIPAL parameter.

It works for me:

String login = "login";
String base = "ou=People,dc=example,dc=com";
String dn = "uid=" + login + "," + base;
env.put( Context.SECURITY_PRINCIPAL, dn );


Answer 3:

Error data 531 implies you cannot log in from that workstation. Error data 525 implies the entry does not exist.

You can determine the user's FDN from the DC by issuing:

    dsquery user -samid jim

    "CN=Jim Willeke,CN=Users,DC=mad,DC=willeke,DC=com"

We have some JNDI samples that work with AD (assuming you know the proper parameters).

You may find it easier to use an LDAP browser and authenticate with that first; then you know what parameters will work. We like Apache Studio.