Setting up and enabling LDAPS in DX NetOps Performance Management Portal web server.

Getting the following errors with Test LDAP SsoConfig tests.

Could not obtain a DirectoryContext.
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563]
Logon failure: unknown user name or bad password.
Bind to the directory failed.

Three validated users have been tested with to ensure it's not a bad username or password value.

Why does it think the user is unknown or a bad password was entered?

The LDAP configuration is as follows.

SSO Configuration/DX NetOps/LDAP Authentication:
Connection User: {0}
Connection Password: ***
Search Domain: ldaps://d.r.dfait-maeci.gc.ca/OU=Users,OU=Accounts,DC=d,DC=r,DC=dfait-maeci,DC=gc,DC=ca
Search String: saMAccountName={0}
Search Scope: subtree
User Bind: Disabled
Encryption: simple
Account User: {CN}
Account User Default Clone: user
Group:
Krb5ConfigFile:
Status: Enabled
Timeout: 10000

All supported DX NetOps Performance Management Portal web server releases

Incorrect Connection User value set.

Often the simple {0} Connection User value isn't sufficient. Some LDAP environments require an option like one of the following for the Connection User value.

• {0}@domain.com
  • Replace domain.com with the correct domain.
  • Example: If using a Broadcom option it would be:
    • {0}@broadcom.com
• DOMAIN\{0}
  • Replace DOMAIN with the correct domain value.
  • Example: If using a Broadcom option it would be:
    • broadcom\{0} 
• Set a specific Service Account user from LDAP to use for the connection.
  • If using that Connection User value, ensure the configuration for the "User Bind" value is set to true using the SsoConfig command.