I'm running Apache 2.4 on Fedora 34.
I've configured user authorization based on Active Directory usernames and passwords with "ldap_module" and "authnz_ldap_module" and this entry is working:
AuthLDAPBindDN "CN=ldap_bind,CN=Users,DC=domain,DC=com,DC=pl"
When I move "ldap_bind" user to another OU in AD and change the configuration like this:
AuthLDAPBindDN "CN=ldap_bind,OU=Tech users,OU=MyOU,DC=domain,DC=com,DC=pl"
then I get "password mismatch" or 500 errors in Apache log and users can't log in.
The new path is correct because I've copied it from the AD "distinguishedName" field after moving the user.
What's wrong with the new user location or the modified entry?
This is the whole configuration:
<Location />
AuthType Basic
AuthName "Active Directory login"
AuthBasicProvider ldap
AuthLDAPURL "ldap://host.domain.com.pl/dc=domain,dc=com,dc=pl?sAMAccountname" TLS
AuthLDAPBindDN "CN=ldap_bind,CN=Users,DC=domain,DC=com,DC=pl"
AuthLDAPBindPassword password
AuthLDAPMaxSubGroupDepth 10
<RequireAny>
Require ldap-group CN=ro_group,OU=Access groups,OU=MyOU,DC=domain,DC=com,DC=pl
Require ldap-group CN=rw_group,OU=Access groups,OU=MyOU,DC=domain,DC=com,DC=pl
</RequireAny>
</Location>
Best Answer
I've figured it out.
There was nothing wrong with this users' new location or DN.
It was the web application error because I forgot to set the new DN in the application configuration.