Hello!
I am trying to restrict authenticated A.D. users to the "Only_This_Group" OU, but instead any A.D. user can successfully log in.
I am using Apache 2.4 on CentOS 7.
This is my actual (anonymised) VirtualHost config:
Code:
<VirtualHost *:443>
    ServerName somesite.example.com
    ServerAlias somesite
    DocumentRoot /var/www/html/somesite

    # Logging
    ErrorLog logs/somesite.example.com-error_log
    TransferLog logs/somesite.example.com-access_log
    CustomLog logs/somesite.example.com-request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    LogLevel warn

    # TLS
    SSLEngine on
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!ADH:!AECDH:-ADH-DES-CBC3-SHA:-ADH-RC4-MD5:-ADH-AES128-SHA:-ADH-AES256-SHA
    SSLCertificateFile /etc/pki/tls/certs/example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
    SSLCertificateChainFile /etc/pki/tls/certs/intermediate.example.com.crt
    SSLCACertificateFile /etc/pki/tls/certs/intermediate.example.com.crt

    <Location />
        # LDAP (A.D.) authentication: bind account and user search base
        AuthLDAPBindDN "cn=ldapuser,ou=tec,ou=accounts,DC=example,DC=com"
        AuthLDAPBindPassword "ultra_sophisticated_password"
        AuthLDAPURL "ldap://192.168.0.1 192.168.0.2/ou=employees,ou=accounts,DC=example,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
        AuthLDAPBindAuthoritative On
        AuthType Basic
        AuthName "LDAP Authentication"
        AuthBasicProvider ldap
        AuthUserFile /dev/null

        # Authorisation
        Require ldap-attribute nsAccountLock!="True"
        Require ldap-group CN=Only_This_Group,OU=Dist,OU=Groups,DC=example,DC=com
        Require valid-user
    </Location>
</VirtualHost>
I did try, but couldn't find the cause why any A.D. user is successfully authenticated.
All users were double-checked. They are not members of the "Only_This_Group" OU.
Thanks a lot for help!
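The behaviour in the post is what Apache 2.4 authorization does with bare `Require` lines: several `Require` directives at the same level that are not wrapped in a container are treated as an implicit `<RequireAny>`, so the request is authorised as soon as any one of them succeeds. `Require valid-user` succeeds for every account that can bind against the directory, which is why the `ldap-group` check never has to pass. The `<Location>` block below is an added example, not part of the original post, showing the posted authorization lines beside a corrected form that uses `<RequireAll>`. The host addresses, DNs, bind account and group name are taken from the post; the `LogLevel` line and the `Require not` variant are assumptions added to illustrate the fix.

```apache
<Location />
    AuthType Basic
    AuthName "LDAP Authentication"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://192.168.0.1 192.168.0.2/ou=employees,ou=accounts,DC=example,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
    AuthLDAPBindDN "cn=ldapuser,ou=tec,ou=accounts,DC=example,DC=com"
    AuthLDAPBindPassword "ultra_sophisticated_password"
    AuthLDAPBindAuthoritative On

    # As posted: three sibling Require directives with no container.
    # Apache 2.4 evaluates bare Require lines as an implicit <RequireAny>,
    # so "Require valid-user" alone authorises every user the LDAP provider
    # can authenticate. The group check is evaluated but never required.
    #
    #   Require ldap-attribute nsAccountLock!="True"
    #   Require ldap-group CN=Only_This_Group,OU=Dist,OU=Groups,DC=example,DC=com
    #   Require valid-user

    # Corrected: every condition inside <RequireAll> must succeed.
    # "Require valid-user" is dropped; a successful ldap-group match already
    # implies an authenticated user. (Assumed addition, not from the post.)
    <RequireAll>
        Require ldap-group CN=Only_This_Group,OU=Dist,OU=Groups,DC=example,DC=com
        # mod_authnz_ldap has no "!=" operator for ldap-attribute; to exclude
        # accounts carrying an attribute value, negate the match instead:
        # Require not ldap-attribute nsAccountLock=True
    </RequireAll>

    # Assumed addition: log the authorisation decisions of mod_authnz_ldap
    # without raising the log level for the rest of the server.
    LogLevel warn authnz_ldap_module:debug
</Location>
```

With the per-module debug level set, the error_log shows which `Require` line granted or denied each request, which is the quickest way to confirm the group lookup is now the deciding check. Group membership is resolved by comparing the user's DN against the group's `member` attribute (the default `AuthLDAPGroupAttribute`), which matches how A.D. stores membership; membership through nested groups is not followed unless `AuthLDAPSubGroupClass group` is configured. Unrelated to the authorization problem, note that `SSLProtocol all -SSLv2` still allows SSLv3.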