Указал в фале web.app.properties параметры ldap:
cuba.web.ldap.enabled = true
cuba.web.ldap.urls = ldap://XXX
cuba.web.ldap.base = DC=bank,DC=int
cuba.web.ldap.user = XXX
cuba.web.ldap.password =XXX
В сущности USer завел запись с login по своему SMAcountName из AD (Ahmetshin-RM)
Перезахожу в cuba - ввожу свой логин Ahmetshin-RM и пароль к учетке.
В результате ошибка: Вход невозможен. Свяжитесь с администратором
В логах Tomkat ошибка:
2018-10-23 15:10:32.110 ERROR [http-nio-8080-exec-27] com.haulmont.cuba.web.app.loginwindow.AppLoginWindow - Internal error during login
com.haulmont.cuba.security.global.InternalAuthenticationException: Exception is thrown by login provider
Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839 ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839 ]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:191) ~[spring-ldap-core-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355) ~[spring-ldap-core-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139) ~[spring-ldap-core-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158) ~[spring-ldap-core-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357) ~[spring-ldap-core-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:309) ~[spring-ldap-core-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:642) ~[spring-ldap-core-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:578) ~[spring-ldap-core-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.authenticate(LdapTemplate.java:1441) ~[spring-ldap-core-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.authenticate(LdapTemplate.java:1426) ~[spring-ldap-core-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.authenticate(LdapTemplate.java:1359) ~[spring-ldap-core-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at com.haulmont.cuba.web.security.ldap.LdapLoginProvider.authenticateInLdap(LdapLoginProvider.java:131) ~[cuba-web-6.9.7.jar:6.9.7]
at com.haulmont.cuba.web.security.ldap.LdapLoginProvider.login(LdapLoginProvider.java:82) ~[cuba-web-6.9.7.jar:6.9.7]
at com.haulmont.cuba.web.security.ConnectionImpl.loginInternal(ConnectionImpl.java:190) ~[cuba-web-6.9.7.jar:6.9.7]
... 51 common frames omitted
Подскажите пожалуйста, что ещё надо донастроить.