NetWorker: AD integration fails with HTTP-ERROR 400 in environment that restricts non-SSL authentication

• Active Directory (AD) or LDAP integration is being added to NetWorker server using non-SSL (port 389) connection but fails with HTTP error 400.
  • NetWorker: How To Set up AD/LDAP Authentication

Authentication Authority Provider creation failed!

Unable to add external authentication provider to authentication service [ ErrorMsg: POST failed with HTTP-ERROR: 400. Server Message: Could not parse server-response from json string, HTTPErrorCode: 400]

• There appear to be no issues with the configuration values used to add external auth. 
• Enabling AUTHC debug reports the following message in the authc-server.log:
  • NetWorker: How To Enable AUTHC DEBUG for Troubleshooting Purposes
    • Linux: /nsr/authc/logs/authc-server.log
    • Windows: C:\Program Files\EMC NetWorker\nsr\authc-server\tomcat\logs\authc-server.log

YYYY-MM-DDTHH:MM:SS DEBUG Resolved [com.emc.brs.auth.server.exception.LdapVerifyException: The verification of the configuration options for Ldap has failed. [ LDAP: error code 8 - 00002028: LdapErr: DSID-0C090276, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580 ]; nested exception is javax.naming.AuthenticationNotSupportedException

This error is occurring outside of NetWorker. The Active Directory server is configured to prevent non-SSL authentication over port 389. 

This policy on the domain controller is: "Domain controller: LDAP server signing requirements" and if set to "Require signing" connections fail if not configured to use SSL.

As the LDAP server is configured to require signed communication, the LDAP server rejects the simple bind request on port 389 (non-SSL).

The following KB details how to configure NetWorker to use Secure LDAP (LDAPS): NetWorker: How To configure LDAPS Authentication