operasoftware / dns-ui

Opera's LDAP-authenticated PowerDNS user interface
Apache License 2.0

Example Apache file causes confusing behaviour with Active Directory #176

Open firthmj opened 3 years ago

firthmj commented 3 years ago

When configuring a dns-ui install using the example Apache configuration file against an Active Directory LDAP server, you get behaviour that is really confusing to a new user.

It triggers the issue described here: https://stackoverflow.com/a/16530990/4523777

Which means that you just get a "500 server error", and nothing in any log file to say what is wrong. Enabling the LDAP debug described there showed that it was because the LDAP line doesn't work against Active Directory:

[Tue Dec 08 15:08:53.406766 2020] [authnz_ldap:info] [pid 25695:tid 140081561179904] [client A.B.C.D:PPPPP] AH01695: auth_ldap authenticate: user UUUUU authentication failed; URI / [ldap_search_ext_s() for user failed][Operations error]

Changing the AuthLDAPURL line from "ldaps://...?uid?sub?(objectClass=inetOrgPerson)" to "ldaps://...?samAccountName?sub?(objectClass=organizationalPerson)" allowed the authentication to succeed. Maybe worth adding a note to the Wiki page with the example?
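To see what search an AuthLDAPURL value turns into, the following added example (not part of the issue or of dns-ui's own code) parses the two URL forms quoted above and builds the user-lookup filter in the `(&(filter)(attribute=username))` shape described in the mod_authnz_ldap documentation, plus an `ldapsearch` command line for reproducing the lookup outside Apache. The host, base DN and bind DN are constructed placeholders standing in for the elided `...`, and the RFC 4515 escaping of the username is this example's own choice.

```python
# Added example: host, base DN and bind DN are constructed placeholders.
RFC4515 = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a username for use inside an LDAP search filter (RFC 4515)."""
    return "".join(RFC4515.get(ch, ch) for ch in value)


def parse_auth_ldap_url(url):
    """Split scheme://host/basedn?attribute?scope?filter, applying Apache's defaults."""
    base, *fields = url.split("?", 3)
    attribute, scope, ldap_filter = fields + [""] * (3 - len(fields))
    scheme, _, rest = base.partition("://")
    host, _, basedn = rest.partition("/")
    if ldap_filter.startswith("(") and ldap_filter.endswith(")"):
        ldap_filter = ldap_filter[1:-1]  # outer parentheses are re-added when combining
    return {
        "server": f"{scheme}://{host}",
        "basedn": basedn,
        "attribute": attribute.split(",")[0] or "uid",  # only the first attribute is used
        "scope": scope or "sub",
        "filter": ldap_filter or "objectClass=*",
    }


def user_search_filter(url, username):
    """Filter used to locate the user's entry: (&(filter)(attribute=username))."""
    p = parse_auth_ldap_url(url)
    return f"(&({p['filter']})({p['attribute']}={escape_filter_value(username)}))"


def ldapsearch_argv(url, username, bind_dn):
    """OpenLDAP ldapsearch arguments that repeat the same lookup by hand."""
    p = parse_auth_ldap_url(url)
    return ["ldapsearch", "-x", "-H", p["server"], "-D", bind_dn, "-W",
            "-b", p["basedn"], "-s", p["scope"],
            user_search_filter(url, username), "dn"]


# The two AuthLDAPURL forms from the issue, with placeholder host and base DN.
EXAMPLE_URL = "ldaps://dc.example.com/dc=example,dc=com?uid?sub?(objectClass=inetOrgPerson)"
AD_URL = ("ldaps://dc.example.com/dc=example,dc=com"
          "?samAccountName?sub?(objectClass=organizationalPerson)")

if __name__ == "__main__":
    for url in (EXAMPLE_URL, AD_URL):
        print(user_search_filter(url, "jdoe"))
    print(" ".join(ldapsearch_argv(AD_URL, "jdoe", "cn=binduser,dc=example,dc=com")))
```

Running the printed `ldapsearch` command against the directory shows whether the combined filter matches exactly one entry, which is easier to diagnose than a bare 500 response.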