Access Denied error when selecting secondary domain from VMware Identity Manager login dropdown

Article ID: 437505

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

In VMware Identity Manager (vIDM), users encounter an "Access Denied" error message when selecting the second domain from the dropdown menu on the vIDM login screen. This prevents successful authentication for users belonging to the affected directory.


         

Environment

VMware Identity Manager 3.3.7

Cause

The "PasswordIdpAdapter" is set to "Disabled" or contains null configuration data on specific directory workers/connectors within the vIDM cluster.

Resolution

Validation Steps

  1. Log in to the vIDM administration console as the configadmin internal user.

  2. Navigate to Identity & Access Management.

  3. Select Setup in the top-right corner.

  4. Click on the Worker associated with the impacted Directory.

  5. Select Auth Adapters.

  6. Check whether the PasswordIdpAdapter status is "Disabled" for the impacted connectors.

  7. Click on the adapter name; if the configuration page appears blank, the connector is misconfigured.

Remediation Steps

  1. Perform a file-based backup and take offline, consistent snapshots of all vIDM nodes in the cluster.

  2. Re-configure the Active Directory connection:

    • Navigate to Identity & Access Management > Directories.

    • Edit the impacted Directory.

    • Select the option: Active Directory, Integrated Windows Authentication (required for multi-directory support).

    • Complete the configuration wizard to re-initialize the connector metadata.

  3. Verify that the PasswordIdpAdapter status now shows "Enabled" and that the adapter contains valid configuration data.

Additional Information

Configuring Active Directory Connection to the Service

Important Concepts Related to Directory Integration