SecureAuth IdP Version affected: All
When attempting to login to a realm using ADLDS as a membership provider the login will fail when entering the password with "Password does not match" despite the password being correct:
Additionally the warning.log for the realm will contain the following:
<Root><EventID>51101</EventID><Timestamp>7/26/2017 11:31:03 AM</Timestamp><SeverityLevel>Error</SeverityLevel><Priority>1</Priority><Message>LDAPMembershipProvider.ValidateUserWithLDAPConnectionBind: username: bob, Exception: The supplied credential is invalid.</Message></Root>
If the Workflow is set to request Username only then the user is able to login, this proving that the realm is able to query the ADLDS membership provider.
The user object is disabled in ADLDS. Newly created objects in ADLDS default to a disabled state.
Enable the user object in ADLDS using a tool capable of writing to ADLDS e.g. ADSIEdit, PowerShell etc.
To enable the account edit the attribute named msDS-UserAccountDisabled, setting it to False: