Service accounts and users fail to login and problems syncing VMware Identity Manager to Active Directory when using Aria Products


Article ID: 402907


Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

 

  • API-based login requests using Postman or curl fail to generate tokens.

  • Service account cannot access connected Aria products via SSO.

  • Directory in Identity & Access Management shows no successful sync in many days.

  • /opt/vmware/horizon/workspace/logs/connector.log on the vIDM appliance contains errors similar to:

    com.vmware.horizon.connector.exception.HorizonException: The BindDN user must have attribute/s email, firstName

 

Environment

VMware Identity Manager 3.3.7  

Cause

vIDM requires specific user attributes to be present for directory synchronization to succeed. If the BindDN user (used for directory binding and sync operations) does not contain required attributes, synchronization fails silently and prevents updated directory data from being used in token authentication.

Required attributes include:

  • email

  • firstName

  • lastName

Resolution

  1. Log in to Active Directory Users and Computers.

  2. Locate the BindDN service account configured in vIDM.

  3. Add or populate the following user attributes:

    • email

    • firstName

    • lastName

  4. Log in to the vIDM UI:

    • Navigate to Identity & Access Management > Directories

    • Select the affected directory and trigger a manual sync

  5. Confirm that the synchronization completes successfully.

  6. Retry the token request via Postman or curl, or attempt to log in with the users that were previously failing.
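
To check from the vIDM appliance shell which attributes the BindDN errors in connector.log name, and whether those errors are still being written after the fix, a small script like the following can be used. It is an added example, not VMware tooling; the function names and the sample log lines (including their timestamp layout) are constructed for illustration, while the log path and message text are the ones quoted above.

```shell
#!/bin/sh
# Added example: summarise BindDN attribute errors in the vIDM connector log.
LOG=/opt/vmware/horizon/workspace/logs/connector.log   # path from the article
MSG='The BindDN user must have attribute/s'            # message from the article

# Constructed sample lines; the timestamp/thread layout is made up for the demo.
constructed_sample() {
cat <<'EOF'
2025-01-10 02:00:01 ERROR (sync-1) com.vmware.horizon.connector.exception.HorizonException: The BindDN user must have attribute/s email, firstName
2025-01-10 02:00:02 INFO  (sync-1) unrelated connector message
2025-01-11 02:00:01 ERROR (sync-1) com.vmware.horizon.connector.exception.HorizonException: The BindDN user must have attribute/s email, firstName
2025-01-12 02:00:01 ERROR (sync-1) com.vmware.horizon.connector.exception.HorizonException: The BindDN user must have attribute/s lastName
EOF
}

# Print every attribute named in a BindDN error, once each, sorted.
# $1 is a log file, or "-" for standard input; defaults to $LOG.
binddn_attrs_in_errors() {
    cat -- "${1:-$LOG}" |
        grep -F "$MSG" |
        sed "s|.*$MSG||" |      # keep only the attribute list after the message
        tr ',' '\n' |           # one attribute per line
        tr -d ' \t.\r' |        # drop padding and any trailing period
        grep -E '^[A-Za-z]+$' |
        sort -u
}

# Print how many BindDN attribute errors the log contains (0 if none).
binddn_error_count() {
    cat -- "${1:-$LOG}" | grep -cF "$MSG" || true
}

# Demo on the constructed sample. On the appliance, call the functions
# with no argument to read the real connector.log.
constructed_sample | binddn_attrs_in_errors -
echo "error lines: $(constructed_sample | binddn_error_count -)"
```

Because the log keeps older entries, compare the timestamp of the last matching line with the time of the manual sync rather than expecting the count to drop to zero.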