We are trying to configure a private zone with the Apache modules auth_gssapi for SSO and authnz_ldap to restrict access by LDAP group, but it doesn't work. Our configuration is:
<Location "/mypath">
    AuthType GSSAPI
    AuthName "Kerberos Login"
    GssapiAllowedMech krb5
    GssapiCredStore keytab:/etc/httpd/conf/httpd.keytab
    AuthLDAPSearchAsUser on
    AuthLDAPGroupAttribute member
    AuthLDAPUrl ldap://ldap.org:389/dc=myorg,cg=org?userPrincipalName?sub
    Require ldap-group cn=mygroup,ou=groups,dc=myorg
</Location>
However, even though the user authenticates correctly and is correctly assigned to the group, the authorization fails.
[Wed Oct 20 14:05:56.771442 2021] [authz_core:debug] [pid 118552:tid 140552636970752] mod_authz_core.c(820): [client 10.1.1.3:1551] AH01626: authorization result of Require ldap-group cn=mygroup,ou=groups,dc=myorg: denied, referer: http://myweb.org/login/
- Red Hat Enterprise Linux (RHEL)
- Red Hat JBoss Enterprise Application Portal
- Red Hat JBoss Web Server
- Red Hat JBoss Core Services (JBCS) Apache httpd