Apache httpd LDAP authentication fails when authorized group is the primary group on Active Directory

Solution Verified - Updated -

Issue

  • I'm trying to configure Apache httpd so only users belonging to a particular group in Active Directory can access a certain resource. For this I configure:

    require ldap-group cn=mygroup,ou=mycompany,dc=com
    

    However, authorization always fails.

    [Wed Jan 30 09:14:47.507310 2019] [authnz_ldap:debug] [pid 7245] mod_authnz_ldap.c(989): [client 10.0.0.1:50160] AH01718: auth_ldap authorise: require group (sub-group) "CN=mybasegroup,OU=myorg,DC=org": didn't match with attr DN failed group verification. [member][5 - Compare False]
    [Wed Jan 30 09:14:47.507318 2019] [authnz_ldap:debug] [pid 7245] mod_authnz_ldap.c(996): [client 10.0.0.1:50160] AH01720: auth_ldap authorize group: authorization denied for user myuser to /index.php
    

    I'm certain that the user belongs to that group because it is configured in Active Directory as the user's Primary Group.

Environment

  • Apache httpd
    • 2.4
  • mod_authnz_ldap
  • Active Directory
