I run the command you suggest ldapsearch -h domaincontroller.dom.it -b "dc=dom,dc=it" -D user(a)dom.it -W -x sAMAccountName=user_to_search userPrincipalName | grep userPrincipalName This is the result: Enter LDAP Password: # requesting: userPrincipalName Nick 2017-10-10 16:21 GMT+02:00 Luca 'remix_tj' Lorenzetto <lorenzetto.luca(a)gmail.com&gt;: > On Tue, Oct 10, 2017 at 4:06 PM, nicola gentile > <nicola.gentile.to(a)gmail.com&gt; wrote: >> include = <ad.properties> >> >> vars.domain = dom.it >> vars.user = CN=myuser,OU=spuser,DC=dom,DC=it >> vars.password = xxxxxxxxx >> >> pool.default.auth.simple.bindDN = ${global:vars.user} >> pool.default.auth.simple.password = ${global:vars.password} >> pool.default.serverset.type = srvrecord >> pool.default.serverset.srvrecord.domain = ${global:vars.domain} >> pool.default.ssl.startTLS = true >> pool.default.ssl.truststore.file = ${local:_basedir}/polito.it.jks >> pool.default.ssl.truststore.password = changeit > > It's an AD? > > Can you check if userPrincipalName of the user you're trying to use > for connecting contains the login name in the format of > user(a)domain.fqdn? > > I had issues with users that had userPrincipalName wrongly formatted. > You should find nicola.gentile(a)polito.it on that field. > > You can check in this way: > > ldapsearch -h domaincontroller.dom.it -b "dc=dom,dc=it" -D user(a)dom.it > -W -x sAMAccountName=user_to_search userPrincipalName | grep > userPrincipalName > > > Luca > > > > -- > "E' assurdo impiegare gli uomini di intelligenza eccellente per fare > calcoli che potrebbero essere affidati a chiunque se si usassero delle > macchine" > Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716) > > "Internet è la più grande biblioteca del mondo. > Ma il problema è che i libri sono tutti sparsi sul pavimento" > John Allen Paulos, Matematico (1945-vivente) > > Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <lorenzetto.luca(a)gmail.com&gt;