LDAPS Identity Provider not visible on Workload domain in SDDC manager.


Article ID: 435961


Products

VMware NSX

Issue/Introduction

When attempting to add an LDAPS Identity Provider in the NSX Manager UI, the operation fails with the following error: Domain <domain_name> is already mapped to LDAP identity source <source_name> (Error code: 53013)

This issue typically occurs in VMware Cloud Foundation (VCF) environments where:

  • The Identity Source is configured and visible in SDDC Manager.
  • The Identity Source is visible in the Management Domain's NSX Manager but missing from a Workload Domain's NSX Manager UI.
  • Manual attempts to add the same domain in the Workload Domain NSX Manager trigger the mapping conflict error.

Environment

VMware NSX 

VMware VCF 

Cause

While the Identity Source is not visible in the NSX Manager UI, the domain mapping still exists in the underlying configuration state.

This often happens due to:

  • A partial or failed synchronization task from SDDC Manager.
  • A previous manual configuration that was not fully purged from the NSX Manager database.
  • The domain being previously registered under a different Identity Source name that is currently hidden.

Resolution

To resolve this issue:

  • Check for hidden configurations. Log in to the NSX Manager as admin and retrieve all configured LDAP identity sources, including those not appearing in the UI, with the following API call (via Postman, curl, or a similar tool):
    GET https://<NSX-Manager-IP>/api/v1/aaa/ldap-identity-sources
  • Identify the conflicting source. Review the JSON response from Step 1 to locate the entry for the conflicting domain (e.g., abc.de.com) or the identity source name, and note the id of that entry.
  • Remove the conflicting source. Delete the stale identity source with the following API call:
    DELETE https://<NSX-Manager-IP>/api/v1/aaa/ldap-identity-sources/<ID-from-step-1>
  • On SDDC Manager, edit the LDAPS Identity Provider and save it.
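The steps above, as an added example that is not VMware's own tooling or part of this article: a small Python script that parses the GET response, finds every identity source mapped to the conflicting domain (case-insensitively, since DNS names are), and builds the per-source DELETE call, leaving the request itself behind a dry-run switch so nothing is removed until the operator has confirmed which entry is the stale one. It assumes the NSX list-result shape ({"results": [...]}) and that each source carries "id", "display_name" and "domain_names"; the sample response, the manager hostname and the ids are constructed placeholders.

```python
"""Locate a stale NSX LDAP identity source by domain and build the DELETE call.

Added example, not VMware code. Assumes the NSX ListResult shape
({"results": [...]}) and that each source has "id", "display_name" and
"domain_names". The sample response below is constructed, not captured.
"""
import base64
import json
import urllib.request

# Constructed sample of what GET /api/v1/aaa/ldap-identity-sources might return
# when one source is shown in the UI and a second, stale one is hidden.
SAMPLE_RESPONSE = json.dumps({
    "results": [
        {"id": "corp-ldaps", "display_name": "Corp LDAPS",
         "domain_names": ["corp.example.com"],
         "resource_type": "ActiveDirectoryIdentitySource"},
        {"id": "sddc-sync-abc", "display_name": "abc.de.com (sddc-manager)",
         "domain_names": ["abc.de.com"],
         "resource_type": "ActiveDirectoryIdentitySource"},
    ],
    "result_count": 2,
})


def sources_for_domain(response_body: str, domain: str) -> list:
    """Return (id, display_name) for every identity source mapped to `domain`.

    Matching is case-insensitive and ignores a trailing dot. More than one hit
    means the conflict is not a single stale entry and needs a closer look
    before anything is deleted.
    """
    wanted = domain.strip().lower().rstrip(".")
    hits = []
    for src in json.loads(response_body).get("results", []):
        names = [n.lower().rstrip(".") for n in src.get("domain_names", [])]
        if wanted in names:
            hits.append((src["id"], src.get("display_name", "")))
    return hits


def identity_source_url(manager: str, source_id: str = None) -> str:
    """Build the list URL, or the per-source URL used for DELETE."""
    base = f"https://{manager}/api/v1/aaa/ldap-identity-sources"
    return base if source_id is None else f"{base}/{source_id}"


def nsx_request(manager, user, password, method="GET", source_id=None,
                dry_run=True):
    """Send GET/DELETE to NSX Manager with basic auth.

    With dry_run=True (the default) the call is only described, so the
    operator decides explicitly when a DELETE really goes out.
    """
    url = identity_source_url(manager, source_id)
    if dry_run:
        return f"{method} {url}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        url, method=method,
        headers={"Authorization": f"Basic {token}",
                 "Accept": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    manager = "nsx-manager.example.com"  # placeholder hostname
    # In practice the body comes from nsx_request(manager, user, pw, dry_run=False)
    for src_id, name in sources_for_domain(SAMPLE_RESPONSE, "ABC.DE.COM"):
        print(f"domain mapped by id={src_id!r} display_name={name!r}")
        print(nsx_request(manager, "admin", "<password>", "DELETE", src_id))
```

When run against the constructed sample, the script reports only the hidden "sddc-sync-abc" entry and prints the DELETE it would issue; after that entry has been removed, re-run the GET and confirm the domain no longer appears before editing and saving the provider in SDDC Manager.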