Problem

Cannot log into the Blue Cedar Gateway after configuring search-order number for Active Directory

Solution

As explained in Step 2: Defining the search order of configured authentication providers, the gateway uses a chain of authentication providers to validate user requests. When a client makes an authentication request, the gateway starts looking at the appropriate auth-group (which is  local) and then the auth-provider with the lowest search-order to validate the request.

If the gateway receives a "No such user or resource" result from the auth-provider, the gateway continues on to the next auth-provider in the sequence until it receives a definitive success or error and then returns the result.

However, if there is a user in the local auth-provider named "Administrator", and the search-order of local is less than the search-order of an Active Directory (AD) server, this can cause the gateway to attempt a query of the AD domain instead of allowing the administrator to log into the gateway.

Configure the auth-provider local with the lowest search-order number, which is 0. This "best practice" helps you avoid the undesired behavior of the gateway when logging in.