I'm running Apache 2.4 on Fedora 34.
I've configured user authorization based on Active Directory usernames and passwords with "ldap_module" and "authnz_ldap_module" and this entry is working:

AuthLDAPBindDN "CN=ldap_bind,CN=Users,DC=domain,DC=com,DC=pl"

When I move "ldap_bind" user to another OU in AD and change the configuration like this:

AuthLDAPBindDN "CN=ldap_bind,OU=Tech users,OU=MyOU,DC=domain,DC=com,DC=pl"

then I get "password mismatch" or 500 errors in Apache log and users can't log in.
The new path is correct because I've copied it from the AD "distinguishedName" field after moving the user.
What's wrong with the new user location or the modified entry?
This is the whole configuration:

<Location />
    AuthType Basic
    AuthName "Active Directory login"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://host.domain.com.pl/dc=domain,dc=com,dc=pl?sAMAccountname" TLS
    AuthLDAPBindDN "CN=ldap_bind,CN=Users,DC=domain,DC=com,DC=pl"
    AuthLDAPBindPassword password
    AuthLDAPMaxSubGroupDepth 10
    <RequireAny>
        Require ldap-group CN=ro_group,OU=Access groups,OU=MyOU,DC=domain,DC=com,DC=pl
        Require ldap-group CN=rw_group,OU=Access groups,OU=MyOU,DC=domain,DC=com,DC=pl
    </RequireAny>
</Location>
Marek
  • If pwd wrong msg was what AD returned, then it was wrong pwd. Absolutely no reason for change of DN to cause pwd error. – strongline May 16 '22 at 01:03
  • @strongline My username and password are saved in the browser, so there's no way they're incorrect. Besides, the errors occur only after moving the "ldap_user" in the AD structure. Updating the DN in the Apache configuration is necessary because this user's DN is changed after changing its location in AD. – Marek May 16 '22 at 08:29
  • Of course you can change DN, what I meant was that changing DN will not cause authentication error such as for AD to report pwd error – strongline May 17 '22 at 10:53
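A check worth running before the new DN goes into httpd.conf: parse it as an RFC 4514 distinguished name to confirm it is syntactically valid and that the move changed only the containers, not the account's own RDN. This is an added example, not code from the question, the answer or the Apache project; the two DNs are the ones quoted in the question, the escaped DNs are constructed samples, and the function names are my own.

```python
"""Sanity-check an AuthLDAPBindDN before it goes into httpd.conf.

Added example: a small RFC 4514 DN parser plus a few checks.  The two DNs
below are copied from the question; the escaped DNs in the tests are
constructed samples.
"""
import re

# Characters that RFC 4514 says must be backslash-escaped inside a value.
SPECIAL = set(',+"\\<>;')
HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")
ATTR_TYPE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*")

OLD_BIND_DN = "CN=ldap_bind,CN=Users,DC=domain,DC=com,DC=pl"
NEW_BIND_DN = "CN=ldap_bind,OU=Tech users,OU=MyOU,DC=domain,DC=com,DC=pl"


def _split_unescaped(raw, sep):
    """Split raw on every sep that is not protected by a backslash."""
    parts, cur, i = [], [], 0
    while i < len(raw):
        ch = raw[i]
        if ch == "\\" and i + 1 < len(raw):      # keep the escape pair intact
            cur.append(raw[i:i + 2])
            i += 2
            continue
        if ch == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def _decode_value(raw):
    """Resolve backslash escapes (\\, \\+ \\2C ...) and reject unescaped specials."""
    out, i = [], 0
    while i < len(raw):
        ch = raw[i]
        if ch == "\\":
            if i + 2 < len(raw) and HEX_PAIR.fullmatch(raw[i + 1:i + 3]):
                out.append(chr(int(raw[i + 1:i + 3], 16)))  # hex escape (ASCII only here)
                i += 3
            elif i + 1 < len(raw):
                out.append(raw[i + 1])                      # \, \+ \" \\ ...
                i += 2
            else:
                raise ValueError("dangling backslash in %r" % raw)
        elif ch in SPECIAL or (i == 0 and ch == "#"):
            raise ValueError("unescaped %r in value %r" % (ch, raw))
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def parse_dn(dn):
    """Return one list of (type, value) pairs per RDN, leaf first, root last."""
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        avas = []
        for ava in _split_unescaped(rdn, "+"):
            if "=" not in ava:
                raise ValueError("RDN component without '=': %r" % ava)
            attr, raw = ava.split("=", 1)
            attr = attr.strip()
            if not ATTR_TYPE.fullmatch(attr):
                raise ValueError("bad attribute type %r" % attr)
            raw = raw.lstrip(" ")                       # an escaped space ("\ ") survives
            while raw.endswith(" ") and not raw.endswith("\\ "):
                raw = raw[:-1]
            avas.append((attr, _decode_value(raw)))
        rdns.append(avas)
    return rdns


def leaf_rdn(dn):
    """The account's own RDN (e.g. CN=ldap_bind), type upper-cased for comparison."""
    return [(a.upper(), v) for a, v in parse_dn(dn)[0]]


def check_bind_dn(dn):
    """Return findings for an AuthLDAPBindDN; an empty list means it parsed cleanly."""
    try:
        rdns = parse_dn(dn)
    except ValueError as err:
        return ["unparseable: %s" % err]
    findings = []
    types = [a.upper() for rdn in rdns for a, _ in rdn]
    if any(v == "" for rdn in rdns for _, v in rdn):
        findings.append("empty attribute value")
    if "DC" not in types:
        findings.append("no DC component: DN is not rooted in an AD domain")
    if types[0] != "CN":
        findings.append("leaf RDN is %s, expected CN for a user account" % types[0])
    return findings


def same_account_moved(old_dn, new_dn):
    """True when only the containers changed, i.e. the leaf RDN is unchanged."""
    return leaf_rdn(old_dn) == leaf_rdn(new_dn) and parse_dn(old_dn) != parse_dn(new_dn)


if __name__ == "__main__":
    for dn in (OLD_BIND_DN, NEW_BIND_DN):
        print(dn, "->", check_bind_dn(dn) or "ok", parse_dn(dn))
    print("moved, same account:", same_account_moved(OLD_BIND_DN, NEW_BIND_DN))
```

Syntax is only half of it: once the DN parses, a bind against the directory with the OpenLDAP client (`ldapwhoami -H ldaps://host -D '<the DN>' -W`) confirms that the account can actually authenticate with that DN and password, independently of Apache and of any other application that stores the same DN.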

1 Answer

I've figured it out.
There was nothing wrong with this user's new location or DN.
It was a web application error: I forgot to set the new DN in the application configuration.

Marek