RSA SecurID login error "Invalid Credentials" when using the Identity Source type of Active Directory with Integrated Windows Authentication
Article ID: 310173

Products

VMware vCenter Server

Issue/Introduction

  • RSA SecurID authentication in the vSphere Web Client fails with "Invalid Credentials".
  • The vSphere Identity Source was added as Active Directory with Integrated Windows Authentication.
  • The Identity Source in RSA Authentication Manager does not map the User ID to userPrincipalName.
  • This issue is not seen when the Identity Source is configured to map the User ID to userPrincipalName.
  • The following errors are seen in /var/log/vmware/sso/vmware-sts-idmd.log:

YYYY-MM-DDTHH:MM:SS.000 vsphere.local e707bba3-8443-40d3-91b1-279c8a584b4a WARN ] [LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.OpenLdapClientLibrary, error code: 32
YYYY-MM-DDTHH:MM:SS.000 vsphere.local e707bba3-8443-40d3-91b1-279c8a584b4a ERROR] [OpenLdapClientLibrary] Exception when calling ldap_search_s: base=null, scope=2, filter=(&(samAccountName=username)(objectClass=user)), attrs=[Ljava.lang.String;@6165a8a8, attrsonly=0
com.vmware.identity.interop.ldap.NoSuchObjectLdapException: No such object

YYYY-MM-DDTHH:MM:SS.000 <child.domain.com> 729ab292-5b6e-493e-9b0c-290529002e39 ERROR] [IdentityManager] Failed to authenticate principal [[email protected]] for tenant [vsphere.local]
com.vmware.identity.interop.idm.IdmNativeException: Native platform error [code: -1765328360][null][null]


Environment

VMware vCenter Server Appliance 6.0.x
VMware vCenter Server Appliance 6.5.x
VMware vCenter Server Appliance 6.7.x

Cause

In vCenter Server 6.x the Identity Source type "Active Directory with Integrated Windows Authentication" contains a null value for the User Base DN in the identity store. When the RSA Authentication Manager Identity Source does not map the User ID to userPrincipalName, the STS looks the user up by samAccountName with that empty base (base=null in the ldap_search_s call above), so the search fails with LDAP error code 32 (NoSuchObjectLdapException) and the login is rejected as "Invalid Credentials".
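The following log check is an added example, not VMware's code: it scans vmware-sts-idmd.log text for the signature described above, an ldap_search_s call issued with base=null whose correlation id also carries LDAP error code 32. The sample lines are constructed to mirror the excerpt in this article (user names, timestamps and correlation ids are made up).

```python
import re

# Constructed sample lines in the vmware-sts-idmd.log layout shown in this article.
SAMPLE_LOG = """\
2024-01-01T10:00:00.000 vsphere.local aaaaaaaa-1111-2222-3333-bbbbbbbbbbbb WARN ] [LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.OpenLdapClientLibrary, error code: 32
2024-01-01T10:00:00.000 vsphere.local aaaaaaaa-1111-2222-3333-bbbbbbbbbbbb ERROR] [OpenLdapClientLibrary] Exception when calling ldap_search_s: base=null, scope=2, filter=(&(samAccountName=jdoe)(objectClass=user)), attrs=[Ljava.lang.String;@6165a8a8, attrsonly=0
com.vmware.identity.interop.ldap.NoSuchObjectLdapException: No such object
2024-01-01T10:00:05.000 vsphere.local cccccccc-4444-5555-6666-dddddddddddd ERROR] [IdentityManager] Failed to authenticate principal [jdoe@child.example.com] for tenant [vsphere.local]
2024-01-01T10:01:00.000 vsphere.local eeeeeeee-7777-8888-9999-ffffffffffff ERROR] [OpenLdapClientLibrary] Exception when calling ldap_search_s: base=DC=child,DC=example,DC=com, scope=2, filter=(&(samAccountName=asmith)(objectClass=user)), attrs=[Ljava.lang.String;@6165a8a8, attrsonly=0
"""

# ldap_search_s line: capture tenant, correlation id, base DN and the samAccountName in the filter.
SEARCH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<tenant>\S+) (?P<cid>[0-9a-f-]{36}) ERROR\] \[OpenLdapClientLibrary\] "
    r"Exception when calling ldap_search_s: base=(?P<base>[^,]*), scope=\d+, "
    r"filter=\(&\(samAccountName=(?P<user>[^)]+)\)"
)
# LdapErrorChecker line: capture the correlation id and the numeric LDAP result code.
ERRCODE_RE = re.compile(
    r"^\S+ \S+ (?P<cid>[0-9a-f-]{36}) WARN \] \[LdapErrorChecker\] .*error code: (?P<code>\d+)"
)

LDAP_NO_SUCH_OBJECT = 32  # RFC 4511 resultCode noSuchObject


def find_null_base_searches(log_text):
    """Return one record per ldap_search_s issued with base=null, joined to the
    LDAP error code logged under the same correlation id (None if not logged)."""
    codes = {}
    for line in log_text.splitlines():
        m = ERRCODE_RE.match(line)
        if m:
            codes[m["cid"]] = int(m["code"])
    hits = []
    for line in log_text.splitlines():
        m = SEARCH_RE.match(line)
        if m and m["base"] == "null":
            hits.append({"user": m["user"], "tenant": m["tenant"],
                         "cid": m["cid"], "error_code": codes.get(m["cid"])})
    return hits


def matches_kb_signature(log_text):
    """True when at least one null-base search also failed with error code 32."""
    return any(h["error_code"] == LDAP_NO_SUCH_OBJECT
               for h in find_null_base_searches(log_text))


if __name__ == "__main__":
    for hit in find_null_base_searches(SAMPLE_LOG):
        print(hit)
    print("signature present:", matches_kb_signature(SAMPLE_LOG))
```

Run it against a copy of the real log (for example `python3 check.py < vmware-sts-idmd.log` after replacing SAMPLE_LOG with `sys.stdin.read()`); a hit for a user whose search used a non-null base DN would point at a different problem than this article describes.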

Resolution

To work around this issue, add the Identity Source as "Active Directory as an LDAP Server" instead.

Note: This Identity Source type requires a User Base DN and User Group Base DN during configuration.