Apache 2.4 mod_authnz_ldap cannot restrict authentication to specific group
Hello!
I am trying to restrict authenticated A.D. users to "Only_This_Group" OU, but instead any A.D. user can successfully log in. I am using Apache 2.4 on CentOS 7. This is my actual (anonymised) VirtualHost config:
Code:
<VirtualHost *:443>

All users were double-checked. They are not members of "Only_This_Group" OU. Thanks a lot for help!
Restrict AuthLDAPURL
OK, it can be managed by restricting the AuthLDAPURL:
## AuthLDAPURL "ldap://192.168.0.1 192.168.0.2/ou=employees,ou=accounts,DC=example,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPURL "ldap://192.168.0.1 192.168.0.2/ou=employees,ou=accounts,DC=example,DC=com?sAMAccountName?sub?(&(objectCategory=person)(objectClass=user)(memberOf=Only_This_Group,OU=Dist,OU=Groups,DC=example,DC=com))" NONE

After that no additional Require ldap-group nor Require ldap-filter directive is needed.
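Added example, not part of the thread and not the poster's configuration: the filter-based restriction from the reply above next to the `Require ldap-group` alternative, for Apache 2.4 mod_authnz_ldap. The `<Location>` path, the bind account, its password and the `CN=` prefix on the group DN are assumptions; the hosts and base DN are the anonymised values from the post.

```apache
# Goes inside the <VirtualHost *:443> block. All DNs below are placeholders.
<Location "/">
    AuthType Basic
    AuthName "Restricted"
    AuthBasicProvider ldap

    # Assumed service account used for the user search (placeholder values).
    AuthLDAPBindDN "CN=svc-apache,OU=accounts,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"

    # Option A: group test inside the search filter. A non-member is never
    # found by the search, so authentication itself fails. memberOf matches
    # a full group DN (assumed here to start with CN=) and only direct
    # membership; for nested AD groups use the matching-rule form
    #   (memberOf:1.2.840.113556.1.4.1941:=CN=Only_This_Group,...)
    AuthLDAPURL "ldap://192.168.0.1 192.168.0.2/ou=employees,ou=accounts,DC=example,DC=com?sAMAccountName?sub?(&(objectCategory=person)(objectClass=user)(memberOf=CN=Only_This_Group,OU=Dist,OU=Groups,DC=example,DC=com))" NONE
    Require valid-user

    # Option B: broad search filter, group enforced at authorization time.
    # AuthLDAPURL "ldap://192.168.0.1 192.168.0.2/ou=employees,ou=accounts,DC=example,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
    # Require ldap-group CN=Only_This_Group,OU=Dist,OU=Groups,DC=example,DC=com
    #
    # With Option B, do not leave "Require valid-user" in the same section:
    # in 2.4, sibling Require lines outside <RequireAll> are implicitly
    # wrapped in <RequireAny>, so any authenticated user would be admitted.
</Location>
```

After a reload, verify with one account inside the group and one outside it; the outside account should receive 401 and an authentication failure in the error log.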