Unable to Authenticate AD Users in vIDM When Using OU in Base DN

Article ID: 402842


Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

After integrating Active Directory (AD) with VMware Identity Manager (vIDM), users were unable to log in using their domain credentials. The login attempts resulted in an "invalid username or password" error. 

Environment

VMware Identity Manager 3.3.x

Cause

This occurs when the Base DN in the vIDM directory configuration points at a specific Organizational Unit (OU) rather than the domain root, for example OU=Users,DC=example,DC=com. vIDM searches the directory with subtree scope starting at the Base DN, so only objects inside that OU and its child OUs are visible to it.
A user whose account sits anywhere else in the domain (a sibling OU, or the default Users container, which is CN=Users,DC=example,DC=com and not an OU) is never located by that search, so vIDM cannot authenticate the login and returns the generic "invalid username or password" error.


Resolution

To resolve the issue, follow the steps below:

  1. Take a snapshot of the vIDM appliance (without memory) so the change can be rolled back.
  2. Log in to the vIDM admin console.
  3. Navigate to Identity & Access Management > Directories and open the affected directory.
  4. Scroll down to locate Base DN.
  5. Update the Base DN to the domain-level format.
    • For example: DC=example,DC=com
  6. Save the configuration.
With the Base DN at the domain root, vIDM's LDAP searches cover the entire domain, so users are found and authenticated regardless of which OU or container holds their account. Because the Base DN is also the starting point for directory sync, widening it exposes every object in the domain to vIDM: keep the bind account read-only and limit which accounts are actually synced through the directory's user DN and group selections rather than by narrowing the Base DN.
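The following script is an added example (it is not part of the original article and not VMware code) that illustrates the scoping behaviour described in the Cause and verified by the Resolution: it parses distinguished names per RFC 4514 and checks whether each user DN falls inside the subtree beneath a given Base DN, exactly the test vIDM's search performs. The user DNs are constructed sample data for a fictional example.com domain; in a real troubleshooting session you would obtain a user's actual DN from AD (for instance with Get-ADUser -Properties DistinguishedName) and compare it against the Base DN configured in vIDM.

```python
"""Check whether AD user DNs fall within the LDAP subtree scope implied by a
vIDM Base DN.

Added example, not code from the original KB article or from VMware.
All DNs below are constructed sample data for a fictional example.com domain.
"""

import re

# Constructed sample accounts. Note that "dave" lives in the default AD
# Users container (CN=Users), which is not an OU, and that his CN contains
# an escaped comma, a common source of naive string-matching bugs.
SAMPLE_USERS = {
    "alice": "CN=Alice Example,OU=Users,DC=example,DC=com",
    "bob":   "CN=Bob Example,OU=Staff,OU=Users,DC=example,DC=com",   # child OU: in scope
    "carol": "CN=Carol Example,OU=Contractors,DC=example,DC=com",   # sibling OU: out of scope
    "dave":  "CN=Example\\, Dave,CN=Users,DC=example,DC=com",       # CN=Users container: out of scope
}


def parse_dn(dn: str) -> list[str]:
    """Split a DN into its RDNs, honouring backslash-escaped commas
    (RFC 4514), and normalise whitespace and case so that
    'ou=Sales, DC=Example,DC=COM' compares equal to 'OU=Sales,DC=example,DC=com'.
    Multi-valued RDNs (a+b=...) are left as a single string, which is
    sufficient for scope comparison."""
    rdns = []
    for rdn in re.split(r'(?<!\\),', dn):
        attr, _, value = rdn.strip().partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns


def in_scope(user_dn: str, base_dn: str) -> bool:
    """True if user_dn is the base_dn itself or lies anywhere beneath it,
    i.e. would be returned by a subtree search rooted at base_dn."""
    user, base = parse_dn(user_dn), parse_dn(base_dn)
    return len(user) >= len(base) and user[-len(base):] == base


def users_out_of_scope(users: dict[str, str], base_dn: str) -> list[str]:
    """Names of the accounts a vIDM search rooted at base_dn would never find,
    and which would therefore fail to log in."""
    return sorted(name for name, dn in users.items() if not in_scope(dn, base_dn))


if __name__ == "__main__":
    # Compare the OU-scoped Base DN from the article with the domain-root fix.
    for base in ("OU=Users,DC=example,DC=com", "DC=example,DC=com"):
        missing = users_out_of_scope(SAMPLE_USERS, base)
        print(f"Base DN {base}: cannot authenticate {missing or 'nobody'}")
```

Run the script as-is to see that the OU-scoped Base DN silently drops carol and dave while the domain-root Base DN finds everyone; replace SAMPLE_USERS with the real DNs of the accounts that fail to log in to confirm the cause before changing the directory configuration.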