I have SSO successfully configured in Vcenter 5.1 to connect with an existing openldap server. Added an existing ldap user to __Administrators__ group in Vcenter. Logged in to the Vcenter appliance via the Vsphere client and added the ldap user as an administrator there. Logged out and then attempt to login as the ldap user but get “Cannot complete login due to an incorrect user name or password.”. However, watching the traffic between the Vcenter appliance and the LDAP server (with wireshark) reveals that the LDAP server is returning the correct information to Vcenter including the user password. Looking at the /var/log/vmware/vpx/vpxd.log does not add any helpful information except that the login failed.
Looking for more options.
vpxd.log:2013-03-21T19:47:03.569Z [7F9BCB86A700 info '[SSO]' opID=BAE759AD-00000004-7b] [UserDirectorySso] Authenticate(testuser, "not shown")
vpxd.log:2013-03-21T19:47:03.727Z [7F9BCB86A700 error 'authvpxdUser' opID=BAE759AD-00000004-7b] Failed to authenticate user <testuser>