"Failed to connect to Active Directory" error when configuring a new VCF Single Sign-On in Identity broker appliance mode

Article ID: 438392

Updated On:

Products

VCF Operations

Issue/Introduction

  • The Identity Broker appliance is used for VCF Single Sign-On in a VCF 9 environment.
  • The identity source is an AD/LDAP server reached over plain LDAP on port 389.
  • The following error is observed in the vidb-external/console-log-##.log file on the identity appliance:
    Unable to establish a connection to Active Directory or perform a bind operation, please check the configuration and try again
    ...
    Request failed with status_code: 400 with exception com.vmware.vidm.common.vertx.exceptions.WebApplicationException, cause: com.vmware.vidm.usergroup.model.exceptions.broker.connector.LdapDirectoryCommunicationFailureException
  • The error 'Strong(er) authentication required (8)' is observed when using ldapsearch to test the connection to the AD/LDAP server.
    #ldapsearch -H ldap://<AD_HOST_IP> -D "CN=<USERNAME>,CN=Users,DC=<NAME3>,DC=<NAME2>,DC=<NAME1>" -W -b "CN=Users,DC=<NAME3>,DC=<NAME2>,DC=<NAME1>"
    Enter LDAP Password:
    ldap_bind: Strong(er) authentication required (8)
    additional info: 00002028: LdapErr: DSID-0C090341, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v4f7c

Environment

VCF 9.x

Cause

The LDAP error 'Strong(er) authentication required (8)' means the Active Directory server rejects a simple bind over a cleartext connection: as the server's own message states, it requires binds to turn on integrity checking (signing) unless SSL/TLS is already active, so it demands a more secure method such as LDAPS or a signed/encrypted bind.

Resolution

Configure the identity source over LDAPS instead of LDAP to meet the server's mandatory security requirements. See: Configure Active Directory as an Identity Provider Using AD/LDAP.
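As an added check (not part of this article), the following script classifies ldapsearch output like that quoted above and, when the server answers with LDAP result 8, repeats the bind over LDAPS with the domain controller certificate validated against a CA bundle. It assumes the OpenLDAP client tools are installed; the host, bind DN, base DN and CA bundle path are placeholders to replace.

```shell
# Added example, not from the KB article. Assumes OpenLDAP's ldapsearch.

# Constructed sample of the failure shown in the article, used for a dry run.
SAMPLE_ERROR='ldap_bind: Strong(er) authentication required (8)
	additional info: 00002028: LdapErr: DSID-0C090341, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v4f7c'

# Print needs_tls when AD demands signing/TLS (result 8, AD error 00002028),
# ok when the bind and search succeeded, other for anything else.
classify_bind_result() {
  if printf '%s\n' "$1" | grep -q -e 'authentication required (8)' -e '00002028'; then
    echo needs_tls
  elif printf '%s\n' "$1" | grep -q '^result: 0 Success'; then
    echo ok
  else
    echo other
  fi
}

# Rewrite ldap://host[:port] as ldaps://host:636 (the default LDAPS port).
ldaps_uri() {
  host="${1#ldap://}"; host="${host#ldaps://}"
  host="${host%%/*}"; host="${host%%:*}"
  echo "ldaps://${host}:636"
}

# Try a simple bind over plain LDAP first; on result 8 retry over LDAPS,
# validating the DC certificate against the given CA bundle (LDAPTLS_CACERT).
# $1 ldap://host:389   $2 bind DN   $3 base DN   $4 CA bundle (PEM)
probe_bind() {
  out=$(ldapsearch -x -H "$1" -D "$2" -W -b "$3" -s base 2>&1) || true
  case "$(classify_bind_result "$out")" in
    needs_tls)
      echo "Server requires signing or TLS (LDAP result 8); retrying over LDAPS"
      LDAPTLS_CACERT="$4" ldapsearch -x -H "$(ldaps_uri "$1")" -D "$2" -W -b "$3" -s base ;;
    ok)
      echo "Plain LDAP simple bind accepted by $1" ;;
    *)
      printf 'Bind failed for another reason:\n%s\n' "$out" ;;
  esac
}

# Usage: sh ldap_probe.sh ldap://<AD_HOST_IP>:389 "CN=<USERNAME>,CN=Users,DC=<NAME3>,DC=<NAME2>,DC=<NAME1>" "CN=Users,DC=<NAME3>,DC=<NAME2>,DC=<NAME1>" /path/to/ca.pem
if [ "$#" -eq 4 ]; then
  probe_bind "$@"
fi
```

A needs_tls result from the plain bind followed by a successful LDAPS bind confirms the identity source should be configured with LDAPS, as the Resolution states.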