When users are authenticated through LDAP, for GlobalProtect and other services, they are unable to connect even though they are using the correct credentials. The system logs show an "Invalid Username or Password" message.
Diagnosis
The firewall can reach the LDAP server, and the LDAP server profile is configured correctly. However, the system logs and a tail of authd.log both show Invalid Username/Password. The users are in fact entering the correct credentials, since they can RDP to their computers with the same credentials. Checking the LDAP authentication profile reveals that the Login Attribute field is empty.
Resolution
The Login Attribute field must be populated with 'sAMAccountName'; if it is left empty, LDAP authentication fails.
Note: Also make sure the authentication profile associated with LDAP does not have spaces and that the username is part of the LDAP user group which is configured in the Allowed List.
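The checks above can be run against an exported configuration before users report failures. The following is an added example, not code from the original article or from the vendor; the XML element layout (authentication-profile/entry/method/ldap/login-attribute and allow-list/member), the sample profiles, and the reading of "spaces" as spaces in the profile name are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element layout is an assumption about how an
# exported firewall configuration stores authentication profiles.
SAMPLE_CONFIG = """
<config><shared><authentication-profile>
  <entry name="GP-LDAP">
    <method><ldap><server-profile>corp-ldap</server-profile>
      <login-attribute/></ldap></method>
    <allow-list><member>cn=vpn-users,ou=groups,dc=example,dc=com</member></allow-list>
  </entry>
  <entry name="Admin LDAP">
    <method><ldap><server-profile>corp-ldap</server-profile>
      <login-attribute>sAMAccountName</login-attribute></ldap></method>
    <allow-list><member>all</member></allow-list>
  </entry>
  <entry name="Local-Only"><method><local-database/></method></entry>
</authentication-profile></shared></config>
"""

EXPECTED_ATTR = "sAMAccountName"  # value the article says must be set

def audit_ldap_profiles(config_xml):
    """Return {profile name: [issues]} for LDAP authentication profiles."""
    findings = {}
    for entry in ET.fromstring(config_xml).iter("entry"):
        ldap = entry.find("./method/ldap")
        if ldap is None:          # not an LDAP authentication profile
            continue
        name = entry.get("name", "")
        issues = []
        attr = (ldap.findtext("login-attribute") or "").strip()
        if not attr:
            issues.append("login-attribute is empty")
        elif attr.lower() != EXPECTED_ATTR.lower():
            issues.append(f"login-attribute is '{attr}', expected '{EXPECTED_ATTR}'")
        if " " in name:           # assumption: the note refers to the profile name
            issues.append("profile name contains spaces")
        members = [m.text for m in entry.findall("./allow-list/member") if m.text]
        if not members:
            issues.append("allow list is empty")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for profile, issues in audit_ldap_profiles(SAMPLE_CONFIG).items():
        print(f"{profile}: {'; '.join(issues)}")
```
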