I'm trying to configure Apache httpd so only users belonging to a particular group in Active Directoy can access a certain resource. For this I configure:
require ldap-group cn=mygroup,ou=mycompany,dc=com
However, authorization always fail.
[Wed Jan 30 09:14:47.507310 2019] [authnz_ldap:debug] [pid 7245] mod_authnz_ldap.c(989): [client 10.0.0.1:50160] AH01718: auth_ldap authorise: require group (sub-group) "CN=mybasegroup,OU=myorg,DC=org": didn't match with attr DN failed group verification. [member][5 - Compare False] [Wed Jan 30 09:14:47.507318 2019] [authnz_ldap:debug] [pid 7245] mod_authnz_ldap.c(996): [client 10.0.0.1:50160] AH01720: auth_ldap authorize group: authorization denied for user myuser to /index.php
I'm certain that the user belongs to that group because it is configured in Active Directory as the user's
- Apache httpd
- Active Directory
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.