WAF LDAP system user cannot query directory

Problem

The WAF returns 403 Forbidden even for users who are in an appropriate group to access the site behind the WAF.

In /var/log/apache2/error.log:

[2017-06-26 11:31:32.261884] [authz_core:error] [pid 19458:tid 139955148887808] [client 87.110.178.218:51722] AH01630: client denied by server configuration: proxy:http://ipa.service.consul:10780/

Solution

  • Test the LDAP connection as described in the ldap-sysaccount role
  • Reset the LDAP sysaccount user password if necessary and regenerate the WAF configs by running:
    athena-users sysacc -r gateway.ldap
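An added check, not part of this runbook or of the ldap-sysaccount role, that binds to the directory as the WAF's LDAP system account with ldapsearch and translates the exit status into a diagnosis, so a bad sysaccount password (the usual cause of the blanket 403 above) is distinguished from an unreachable server or a wrong base DN. The LDAP URI, bind DN, base DN and group filter are placeholder assumptions and must be replaced with the values from your environment.

```shell
#!/bin/sh
# Added example: verify that the WAF's LDAP system account can bind and read
# the group the WAF authorises against. Every connection value below is a
# placeholder (assumption), not a value taken from the runbook.
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.invalid}"
BIND_DN="${BIND_DN:-uid=gateway.ldap,cn=sysaccounts,cn=etc,dc=example,dc=invalid}"
BASE_DN="${BASE_DN:-dc=example,dc=invalid}"
GROUP_FILTER="${GROUP_FILTER:-(cn=waf-users)}"

# ldapsearch exits with the LDAP result code; map the common ones to a diagnosis.
explain_ldap_rc() {
    case "$1" in
        0)   echo "bind and search succeeded" ;;
        32)  echo "no such object: check BASE_DN or BIND_DN" ;;
        49)  echo "invalid credentials: sysaccount password is wrong or expired, reset it" ;;
        50)  echo "insufficient access: sysaccount cannot read the group" ;;
        255) echo "cannot contact LDAP server: check LDAP_URI, TLS and firewall" ;;
        *)   echo "ldapsearch failed with result code $1" ;;
    esac
}

# Bind as the system account (password read from the file given in $1, never
# from the command line) and fetch the group's member attribute.
check_sysaccount() {
    pass_file="$1"
    if ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -y "$pass_file" \
            -b "$BASE_DN" "$GROUP_FILTER" member >/dev/null 2>&1; then
        rc=0
    else
        rc=$?
    fi
    explain_ldap_rc "$rc"
    return "$rc"
}

# Usage: ./check_sysaccount.sh /path/to/sysaccount-password-file
if [ -n "$1" ]; then
    check_sysaccount "$1"
fi
```

Run it before and after the password reset: exit status 49 confirms the sysaccount credentials are the problem, and a clean 0 after `athena-users sysacc -r gateway.ldap` confirms the regenerated WAF configuration can bind again.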