I worked through this with a client on 5.15 last week and ultimately found a solution. We had the exact same issue - the test authentication worked but actually logging in failed. This is with the LDAP Synchronization Module.
Short answer: change your search filter from:
Long answer (if that doesn't work for you): we changed the search filter. We found that, upon login, the LDAP module takes the username you entered (which we had configured to sAMAccountName), appends the domain suffix you configured, and searches for that concatenated string based on the search filter.
For example, if my username was "eti" and my domain suffix was "@mendix.local", the LDAP module looks for "firstname.lastname@example.org" on the active directory based on your search string.
Perhaps this behavior should be changed in the LDAP module, but here's how we worked around the issue.
We downloaded Active Directory Explorer (usually you can log into it without entering any connection details) and found that there was an attribute called userPrincipalName that matched this concatenated format (sAMAccountName + domain suffix). Upon changing the search string (as above), we were able to authenticate and log in successfully!
Julio, I would check with Mendix if the new LDAP module ( https://appstore.home.mendix.com/link/app/1218/Mendix/LDAP-Provisioning-Agent) also does the authentication. The documentation is not clear at that point. From my memory this module was a complete rewrite of the old module but I am not completly sure because both ldap modules are on Mx 5. Maybe Roeland Salij could answer this question and give some details about the differences of these modules.
Not clear indeed. We had problems with LDAP Synchronization module in Mx5.11, So my customer is still running on 5.9.0. Now we like to update to 5.16 or higher, but which module is now the best option?
LDAP Provisioning Agent or LDAP Synchronization module