Error: "Provided credentials are invalid. Please try again" returned when logging into Opsman GUI as LDAP user


Article ID: 429263


Products

Operations Manager

Issue/Introduction

  • LDAP users fail to log in to the Tanzu Operations Manager GUI.
  • Error returned is: "Provided credentials are invalid. Please try again"
  • The users failing to log in are mapped to Opsman Roles in UAA via an LDAP group.
  • The uaa.log in home/tempest-web/uaa/tomcat/logs/ reports errors like:

    DEBUG --- BindAuthenticator: Failed to bind with any user DNs []

Environment

Tanzu Operations Manager integrated with LDAP.

Cause

In this instance the failure is caused by the User Search Filter value in the Opsman > Settings > LDAP Settings section. This value must match the attributes configured in LDAP. For example, if User Search Filter is set to "cn={0}", UAA attempts to match a user in LDAP using the cn attribute associated with the user. If User Search Filter is set to "sAMAccountName={0}", UAA attempts to match a user in LDAP based on the sAMAccountName attribute associated with the user.

The User Search Filter must be able to match the username entered at the Opsman login against the value configured in LDAP. If the username is "testuser" and the User Search Filter is configured with "cn={0}", the cn value in LDAP must be "testuser".

Resolution

Ensure the User Search Filter value configured in the Opsman > Settings > LDAP Settings section matches the username value being passed to LDAP during login.
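
The following is an added example, not code from this article or from Operations Manager/UAA: a small Python model of how a simple "attr={0}" User Search Filter selects directory entries for a given login name. The directory entries, DNs, function names and the case-insensitive comparison are assumptions made for illustration; only the two filter values and the username "testuser" come from the article.

```python
import re

# Constructed directory entries (sample data, not taken from the article).
ENTRIES = [
    {"dn": "CN=Test User,OU=Staff,DC=example,DC=com",
     "cn": ["Test User"], "sAMAccountName": ["testuser"]},
    {"dn": "CN=opsadmin,OU=Staff,DC=example,DC=com",
     "cn": ["opsadmin"], "sAMAccountName": ["opsadmin"]},
]

# RFC 4515 escapes for characters that are special inside a filter value.
SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
SIMPLE_FILTER = re.compile(r"\(?\s*([A-Za-z][\w-]*)\s*=\s*\{0\}\s*\)?")


def escape_filter_value(value):
    """Escape a login name so it is treated as a literal, not filter syntax."""
    return "".join(SPECIAL.get(ch, ch) for ch in value)


def render_filter(template, username):
    """Return the filter string after the login name replaces {0}."""
    m = SIMPLE_FILTER.fullmatch(template)
    if not m:
        raise ValueError("only simple 'attr={0}' filters are modelled")
    return "(%s=%s)" % (m.group(1), escape_filter_value(username))


def matching_dns(template, username, entries=ENTRIES):
    """Return the DNs the filter selects; an empty list means no user to bind as."""
    m = SIMPLE_FILTER.fullmatch(template)
    if not m:
        raise ValueError("only simple 'attr={0}' filters are modelled")
    attr, wanted = m.group(1).lower(), username.lower()
    dns = []
    for entry in entries:
        attrs = {k.lower(): v for k, v in entry.items() if k != "dn"}
        # Assumption: the attribute is compared case-insensitively.
        if any(v.lower() == wanted for v in attrs.get(attr, [])):
            dns.append(entry["dn"])
    return dns


if __name__ == "__main__":
    for template in ("cn={0}", "sAMAccountName={0}"):
        print(render_filter(template, "testuser"), "->",
              matching_dns(template, "testuser"))
```

With the constructed data, "cn={0}" finds no entry for "testuser" because that user's cn is "Test User", while "sAMAccountName={0}" finds exactly one.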