Apache httpd LDAP authentication fails when authorized group is the primary group on Active Directory

Solution Verified - Updated -

Issue

  • I'm trying to configure Apache httpd so only users belonging to a particular group in Active Directory can access a certain resource. For this I configure:

    require ldap-group cn=mygroup,ou=mycompany,dc=com
    

    However, authorization always fails.

    [Wed Jan 30 09:14:47.507310 2019] [authnz_ldap:debug] [pid 7245] mod_authnz_ldap.c(989): [client 10.0.0.1:50160] AH01718: auth_ldap authorise: require group (sub-group) "CN=mybasegroup,OU=myorg,DC=org": didn't match with attr DN failed group verification. [member][5 - Compare False]
    [Wed Jan 30 09:14:47.507318 2019] [authnz_ldap:debug] [pid 7245] mod_authnz_ldap.c(996): [client 10.0.0.1:50160] AH01720: auth_ldap authorize group: authorization denied for user myuser to /index.php
    

    I'm certain that the user belongs to that group because it is configured in Active Directory as the user's Primary Group.

Environment

  • Apache httpd
    • 2.4
  • mod_authnz_ldap
  • Active Directory
