Domain user login failure when user is not in the hierarchy of Base DN
search cancel

Domain user login failure when user is not in the hierarchy of Base DN


Article ID: 342745


Updated On:


VMware VMware Aria Suite


  • After configuring your directory, only some of the users are able to log in to vRealize Automation.
  • Users that are failing are not contained in the hierarchy of the base DN configured in the Directory.


VMware vRealize Automation 7.1.x
VMware Identity Manager 19.03.x
VMware vRealize Automation 7.0.x


This issue occurs because vRealize Automation/ Identity Manager cannot perform authentication against active directory locations that are not contained within the hierarchy of the configured Directory.


To resolve this issue you will need to alter the Base DN configured with most lowest hierarchy in the Directory to include the users that are failing login.
Note: If the user is not under Base DN of ldap AD configuration, then user will not be allowed to login.

For example:

This example has the Base DN details of configured directory and the steps to add users and groups:
  1. Directory Base DN:


  2. Select Users.
  3. Enter the DN for Users:


  4. Select Groups.
  5. Enter the DN for Groups:


    Note: The group ou1 contains user2 and user3, the group ou2 contains user4 and user5.
After syncing the directory, all five users will get synced successfully. However, only user4 and user5 can login.
As user1, user2 and user3 are not in the hierarchy of Base DN (CN=Users,DC=corp,DC=local), they will not be able to login and get the error as authentication failure.
To resolve this, change the directory configuration Base DN with most lowest hierarchy to DC=corp,DC=local and save the changes. This will allow all five users to login successfully.

Additional Information

To be alerted when this document is updated, click the Subscribe to Article link in the Actions box..用户不在基本 DN 的层次结构中时域用户登录失败