Hi,
according to the Apache documentation at
https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html#reqgroup, the
full group DN must be specified:
----- 8< -----
Require ldap-group

This directive specifies an LDAP group whose members are allowed access. It
takes the distinguished name of the LDAP group. Note: Do not surround the
group name with quotes. For example, assume that the following entry
existed in the LDAP directory:

    dn: cn=Administrators, o=Example
    objectClass: groupOfUniqueNames
    uniqueMember: cn=Barbara Jenson, o=Example
    uniqueMember: cn=Fred User, o=Example

The following directive would grant access to both Fred and Barbara:

    Require ldap-group cn=Administrators, o=Example
---- >8 -----
flo
On Wed, Jan 12, 2022 at 8:15 PM Simon Matthews via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Thank you for your help. I was able to get it working. Note that I had to set
AuthLDAPGroupAttributeIsDN on
while the FreeIPA documentation instructs you to turn this off.
https://www.freeipa.org/page/Apache_Group_Based_Authorization
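
The two points from this thread (full group DN, AuthLDAPGroupAttributeIsDN on) combined in one configuration, as an added example that is not taken from the messages above or from the FreeIPA page. The host name, the dc=example,dc=com suffix, the group "webadmins", the service account and the /protected path are assumed placeholders; the cn=accounts containers follow the default FreeIPA directory layout.

```apache
# Added example; every name, host and DN below is a placeholder.
# ldaps:// needs the IPA CA trusted by mod_ldap (LDAPTrustedGlobalCert,
# set at server level, outside this block).
<Location "/protected">
    AuthType Basic
    AuthName "Restricted"
    AuthBasicProvider ldap

    # Search base is the FreeIPA user container; logins are matched on uid.
    AuthLDAPURL "ldaps://ipa.example.com/cn=users,cn=accounts,dc=example,dc=com?uid"

    # Hypothetical read-only service account for the search and compare.
    # Keep this file readable by root only, since it holds a credential.
    AuthLDAPBindDN "uid=apache,cn=sysaccounts,cn=etc,dc=example,dc=com"
    AuthLDAPBindPassword "REPLACE_ME"

    # FreeIPA groups list their members as full DNs in "member", so the
    # user's DN (not the bare login name) must be compared against it.
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on

    # Not a DN, so it cannot match any group entry:
    #   Require ldap-group webadmins
    # Full group DN, unquoted:
    Require ldap-group cn=webadmins,cn=groups,cn=accounts,dc=example,dc=com
</Location>
```

If access is still denied, check that the value stored in the group's member attribute is the same DN that the AuthLDAPURL search returns for the user.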