Unable to Log In to NSX-T Manager UI Without Using Domain Name in Username


Article ID: 416687


Products

VMware NSX

Issue/Introduction

  • NSX-T Manager is configured to use LDAP authentication.
  • Logging in to the NSX Manager UI with the LDAP username alone fails.
  • Users can log in successfully using the format user_name@domain_name.
  • Logging in to the UI without the domain name fails with an error similar to the following:
    "Your login attempt was not successful. The username/password combination is incorrect or the account specified has been locked"


Environment

VMware NSX

Cause

NSX-T Manager requires the domain name as part of the username to correctly identify the associated LDAP Identity Source. In addition to the primary domain name, each LDAP Identity Source may also have alternative domain names configured, and NSX-T supports up to three LDAP Identity Sources simultaneously. The domain name portion of the login (e.g., @domainname) is therefore used to determine which LDAP configuration to apply. Without the domain name, NSX-T cannot distinguish between multiple LDAP Identity Sources or differentiate LDAP users from local users, resulting in login failure.
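
The routing described above can be modelled as follows. This is an added illustration, not NSX code: the class, function and sample domain names are hypothetical, and case-insensitive domain matching and the handling of bare names as local-only lookups are assumptions of the model.

```python
from dataclasses import dataclass, field

MAX_LDAP_SOURCES = 3  # limit stated in this article


@dataclass
class IdentitySource:  # hypothetical model of one LDAP Identity Source
    name: str
    domain_name: str
    alternative_domain_names: list = field(default_factory=list)

    def domains(self):
        # Assumption: domain names are compared case-insensitively.
        return {d.lower() for d in [self.domain_name, *self.alternative_domain_names]}


def build_domain_index(sources):
    """Map every primary and alternative domain name to its identity source."""
    if len(sources) > MAX_LDAP_SOURCES:
        raise ValueError("at most three LDAP identity sources are supported")
    index = {}
    for src in sources:
        for domain in src.domains():
            if domain in index:
                raise ValueError(f"domain {domain!r} is claimed by two sources")
            index[domain] = src
    return index


def route_login(username, index):
    """Return ('ldap', source, user), ('local', None, name) or ('reject', None, name)."""
    user, sep, domain = username.rpartition("@")
    if not sep:
        # No domain part: nothing selects an LDAP source, so the name can
        # only be looked up as a local account (assumption of this model).
        return ("local", None, username)
    src = index.get(domain.lower())
    if src is None or not user:
        return ("reject", None, username)
    return ("ldap", src.name, user)


# Constructed sample configuration: two sources, one with an alternative domain.
INDEX = build_domain_index([
    IdentitySource("corp-ad", "corp.example.com", ["corp"]),
    IdentitySource("lab-ldap", "lab.example.net"),
])
```

In this model, an LDAP user who types only `jdoe` is never matched to `corp-ad` or `lab-ldap`, which corresponds to the failed login described in this article.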

Resolution

This is expected behavior. To log in to the NSX Manager UI as an LDAP user, use the format user_name@domain_name.

For more details, refer to the "LDAP Identity Source" topic in the official NSX documentation.

Additional Information

If this KB article does not address your issue or you have additional questions, please raise a support ticket with Broadcom Support and select NSX as the product.

Handling Log Bundles for offline review with Broadcom support.