I had a similar problem, in my case the error was thrown from the decrypt java-action. After a long search I found that I was using the wrong prefix (constant EncryptionPrefix).
In the past my application worked fine with the prefix {AES}, but after updating the Encryption module it appears the prefix should be {AES2}.
Maybe this is also the case in your implementation.
Jasper's detailed explanation definitely should do the trick.
1. Set the encryption key constant in your modeler - should be any RANDOM 16 characters
2. Start-up your Mendix App - with the after startup flow from the LDAP module, `Ldap.ASu_StartLdap`, added to your project settings.
3. Navigate to the LDAP config in your browser, and enter the username and password for the LDAP server - your sysadmin should give you these credentials
The error message that you are referring to comes from the encryption module. You will get that error if the password has been encrypted with a different key than that you are using to read it.
In other words when you setup your ldap configuration and entered the password, you had a different value in the 'EncryptionKey' constant.
To resolve this, keep the constant as it is right now. Go to the ldap configuration and re-enter the password in the password field, then click the button 'Test Connection' again.
(The 'Test Connection' button commits the configuration and the Java reads all the necessary parameters, so you don't need to do anything else)
Since the decryption method is called from LDAPModule.java, the after start up microflow is needed to load the correct configuration and context for the action to work as expected.
You could try adding a logging activity to your after startup microflow to verify that the encryption constant has the value you specified in the yaml file
BUT BE SURE TO REMOVE IT AFTER TESTING - DO NOT FORGET!!!!!!
You could also try to do a live debug: https://docs.mendix.com/howto/monitoring-troubleshooting/debug-microflows-remotely
Add a debug event to the microflow BCo_LdapServerEncryptPassword and verify that the password is being encrypted with the encryption key you specified.
I'm not sure how live debugging is done on a on-premise linux server, but seems like the only way you can try and figure out what is going wrong and where.
Hope this helps.