Hi Joshua,
Here is the full stack trace:
############################################################
#################### Stack Trace Start #########################
java.lang.Exception: Invalid configuration for directory search: no username/password for search.
at com.inductiveautomation.ignition.gateway.authentication.impl.LDAPHelper.search(LDAPHelper.java:348)
at com.inductiveautomation.ignition.gateway.authentication.impl.ADInternalHybridUserSource.getUsers(ADInternalHybridUserSource.java:200)
at com.inductiveautomation.ignition.gateway.authentication.UserSourceWrapper.doGetUsers(UserSourceWrapper.java:540)
at com.inductiveautomation.ignition.gateway.authentication.UserSourceWrapper$UserCacheImpl.doUpdate(UserSourceWrapper.java:269)
at com.inductiveautomation.ignition.gateway.authentication.UserSourceWrapper$UserCacheImpl.doUpdate(UserSourceWrapper.java:265)
at com.inductiveautomation.ignition.gateway.authentication.AbstractCache$UpdateTask.run(AbstractCache.java:118)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
################# Stack Trace End #############################
############################################################
The gMSA being used for the Ignition service does have the appropriate permissions to query AD; however, gMSAs by design do not have static passwords. The account's password is handled entirely by AD (which is regularly cycled/reset every 30 days) and security group membership allows the service to query AD for the account's password. Which is why you don't assign a password in the configuration and is probably the reason we are seeing the exception above.
I've successfully synced AD to an Ignition user source with a static service account; however, it would be best if a gMSA could be used.