VMware Cloud Community
DanielJanssen
Contributor

vShield SSL VPN w/ Active Directory Auth

I have set up a few SSL VPNs so far on Edge appliances, with Local or Radius Authentication, and they work fine.

But I've been trying to configure one to use Active Directory for Auth, and it isn't working.  I'm pretty sure that there is just some finicky configuration issue that I've failed to input correctly.  When I use local Authentication on the same device, it authenticates correctly.

vShield Version: 5.1.2-943471

Edge Interfaces:

External: xxx.xxx.xxx.xx8, xxx.xxx.xxx.xx9

Internal: 172.17.21.0/24

Active Directory Server: 172.17.21.2

NAT: Masquerade for outbound, and I have a *temporary* NAT translation of xxx.xxx.xxx.xx9:389 <--> 172.17.21.2:389

I can use this translation to perform AD Lookups with the same Search Base and Bind DN from my linux workstation without issues.

Search Base: OU=VPNACCESS,OU=xxxxxxxxxxx,DC=internal,DC=xxxxxxxxxxx,DC=org

Bind DN: LDAP Bind

Here is a screencap of one of my attempts:

http://nadiar.net/SSLVPNAD.png

I've tried inserting single and double quotes around the Search base and Bind DN, and I've tried escaping the space in the Bind DN with a backslash.  I've tried hairpinning the authentication to use the xxx.xxx.xxx.xx9 address (that one provides an internal error).  I'm currently working under the assumption that 'internal error' means there is a problem with the configuration, and the internal error pops up whenever I use quotes or escape the Bind DN.  The log on the console doesn't show anything either way, which makes it difficult to diagnose.

Here is my external test:

ldapsearch -h xxx.xxx.xxx.xx9 -b 'OU=VPNACCESS,OU=xxxxxxxxxxx,DC=internal,DC=xxxxxxxxxxx,DC=org' -D 'LDAP Bind' -w 'password' '(objectClass=user)' sAMAccountName

Does anyone have an example they can screenshot, or do they see what I'm doing wrong?  I've been dealing with support for a while, and I haven't gotten a satisfactory response.

Possible Gotcha: the current password has an "@" in it.

2 Replies
TommyFreddy
Enthusiast

0 Kudos
thewammer
Contributor

I know this is an old post but it is a popular result for a web search.

Assuming your Bind DN is correct, it appears the problem is in the search filter string. Even though what you put is correct in AD, VMware does not like the extra ( and ) around your string.

Change your search filter to:

objectClass=user

A common use is:

(&(objectCategory=person)(objectClass=user))

but that will not work, even if you test it on your domain controller. The correct string is:

&(objectCategory=person)(objectClass=user)

0 Kudos
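The reply above says the Edge dialog wants the search filter without its outermost parentheses, while the ldapsearch test in the question uses the standard parenthesised form. The script below is an added example (not from the thread, and not VMware's code) that converts between the two forms, rejects a filter that is unbalanced or not a single expression, and builds the equivalent ldapsearch argv so the exact Search Base, Bind DN, password and filter that will be pasted into the dialog can be exercised against the domain controller first. The host, Bind DN, password and filter values in it are constructed test data; `-x` is the OpenLDAP flag for a simple (password) bind, which is the bind type the dialog's Bind DN/password fields imply.

```python
"""Added example: convert LDAP search filters between the standard RFC 4515
form and the outer-parentheses-stripped form the thread says the vShield
Edge SSL VPN dialog accepts, and build a matching ldapsearch command line.
All sample values below are constructed for the example."""

import shlex


def is_balanced(expr: str) -> bool:
    """Parentheses close in order and the nesting depth returns to zero."""
    depth = 0
    for ch in expr:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def is_single_expression(expr: str) -> bool:
    """True for one parenthesised expression such as '(&(a=1)(b=2))';
    False for '(a=1)(b=2)', which is two top-level items and not a valid
    filter on its own."""
    if len(expr) < 2 or expr[0] != "(" or expr[-1] != ")":
        return False
    depth = 0
    for i, ch in enumerate(expr):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0 and i != len(expr) - 1:
                return False
    return True


def to_vshield_filter(ldap_filter: str) -> str:
    """Strip the outermost parentheses: '(objectClass=user)' becomes
    'objectClass=user' and '(&(objectCategory=person)(objectClass=user))'
    becomes '&(objectCategory=person)(objectClass=user)'. A value already in
    that form is returned unchanged; anything else is rejected."""
    f = ldap_filter.strip()
    if not is_balanced(f):
        raise ValueError(f"unbalanced parentheses in filter: {f!r}")
    if is_single_expression(f):
        return f[1:-1]
    if f[:1] in ("&", "|", "!") and f[1:2] == "(":
        return f  # already the stripped form of an &, | or ! expression
    if "(" not in f and "=" in f:
        return f  # bare 'attr=value'
    raise ValueError(f"not a single filter expression: {f!r}")


def to_ldap_filter(vshield_filter: str) -> str:
    """Inverse of to_vshield_filter: wrap the dialog form back into a
    standard filter for ldapsearch. A standard filter is returned as is."""
    f = vshield_filter.strip()
    if not is_balanced(f):
        raise ValueError(f"unbalanced parentheses in filter: {f!r}")
    if is_single_expression(f):
        return f
    if f.startswith("("):
        raise ValueError(f"not a single filter expression: {f!r}")
    return f"({f})"


def ldapsearch_argv(host, base, bind_dn, password, vshield_filter,
                    attrs=("sAMAccountName",)):
    """argv for an OpenLDAP ldapsearch doing the same simple bind and search.
    Because each value is its own argv element, a Bind DN containing a space
    or a password containing '@' needs no quoting or escaping inside it."""
    return ["ldapsearch", "-x", "-H", f"ldap://{host}",
            "-D", bind_dn, "-w", password, "-b", base,
            to_ldap_filter(vshield_filter), *attrs]


if __name__ == "__main__":
    # Constructed values standing in for the dialog fields.
    argv = ldapsearch_argv(
        host="172.17.21.2",
        base="OU=VPNACCESS,DC=internal,DC=example,DC=org",
        bind_dn="LDAP Bind",
        password="p@ssw0rd",
        vshield_filter="&(objectCategory=person)(objectClass=user)",
    )
    # shlex.join quotes only the elements that need it ('LDAP Bind', the
    # filter), so the printed line can be pasted into a shell as-is.
    print(shlex.join(argv))
```

Paste the printed command into a shell from a host that can reach the domain controller and confirm it returns the expected users before copying the stripped filter into the dialog. Note that a simple bind over port 389 sends the bind password in cleartext, so a NAT rule like the temporary one in the question, which publishes the domain controller's LDAP port on an external address, should be removed as soon as the test is done.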