Hello,
I have an old awx install, on containers, based on awx 9.0.1.0 and ansible 2.8.5, that I’m trying to port to Oracle Linux Automation platform, that is based, as I see, on awx 15.0.1 and ansible 2.9.27 on an rpm install, without containers.
In the old install I have my organization and team with users configured against AD.
Using the same auth parameters in awx 15.0.1 I’m not able to login.
With Settings → System → Logging, logging aggregator level threshold set to debug, I get this in the log file:
2022-03-30 13:33:29,396 WARNING django_auth_ldap Caught LDAPError while authenticating my_username: INVALID_CREDENTIALS({'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': , 'info': '80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580'},)
2022-03-30 13:33:29,509 WARNING awx.api.generics Login failed for user my_username from x.y.w.z
2022-03-30 13:33:29,516 WARNING django.request Unauthorized: /api/login/
2022-03-30 13:33:29,516 WARNING django.request Unauthorized: /api/login/
[pid: 1473|app: 0|req: 14/18] x.y.w.z () {60 vars in 1124 bytes} [Wed Mar 30 13:33:29 2022] POST /api/login/ => generated 6072 bytes in 175 msecs (HTTP/1.1 401) 8 headers in 392 bytes (1 switches on core 0)
The log lines are exactly the same if I type a wrong password and if I type a wrong username…
Do you have any suggestion to debug the problem?
E.g. with the awx cli?
My parameters are:
uri
ldap://my_domain_controller:389
bind dn
CN=bind_user,CN=Users,DC=lab,DC=example,DC=com
ldap group type
MemberDNGroupType
ldap user search
[
  "DC=lab,DC=example,DC=com",
  "SCOPE_SUBTREE",
  "(sAMAccountName=%(user)s)"
]
ldap group search
[
  "DC=lab,DC=example,DC=com",
  "SCOPE_SUBTREE",
  "(objectClass=group)"
]
ldap user attribute map
{
  "first_name": "givenName",
  "last_name": "sn",
  "email": "mail"
}
ldap group type parameters
{
  "name_attr": "cn",
  "member_attr": "member"
}
ldap user flags by group
{
  "is_superuser": [
    "CN=example_admins,CN=Users,DC=lab,DC=example,DC=com"
  ]
}
ldap organization map
{
  "MYORG": {
    "remove_users": false,
    "remove_admins": false,
    "users": true,
    "admins": "CN=example_admins,CN=Users,DC=lab,DC=example,DC=com"
  }
}
ldap team map
{
  "MYTEAM": {
    "users": "CN=example_admins,CN=Users,DC=lab,DC=example,DC=com",
    "organization": "MYORG",
    "remove": true
  }
}
Thanks in advance,
Gianluca
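
An added example, not part of the original post or of AWX: a small Python parser that pulls the LDAP result code and the Active Directory `data` sub-code out of `django_auth_ldap` warnings like the one quoted above and decodes it, so different failure causes behind result 49 can be told apart. The sub-code table is the commonly documented AD mapping; the function names and the second LDAPError line in the sample are constructed for illustration.

```python
import re

# Commonly documented Active Directory sub-codes found in the "data NNN"
# field of an LDAP result 49 (invalidCredentials) diagnostic message.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the django_auth_ldap warning format shown in the post.
LINE_RE = re.compile(
    r"Caught LDAPError while authenticating (?P<user>\S+): (?P<error>[A-Z_]+)\("
    r".*?'result': (?P<result>\d+).*?data (?P<data>[0-9a-fA-F]+),"
)
# Forum software often turns ASCII quotes into typographic ones; undo that.
QUOTES = str.maketrans("\u2018\u2019\u201c\u201d", "''\"\"")

def parse_line(line):
    """Return a dict for one django_auth_ldap LDAPError line, else None."""
    m = LINE_RE.search(line.translate(QUOTES))
    if m is None:
        return None
    sub = m.group("data").lower()
    return {"user": m.group("user"), "error": m.group("error"),
            "result": int(m.group("result")), "subcode": sub,
            "meaning": AD_SUBCODES.get(sub, "unknown sub-code")}

def parse_log(text):
    """Decode every LDAPError line in a log excerpt, skipping other lines."""
    return [r for r in map(parse_line, text.splitlines()) if r]

# Constructed sample: line 1 mirrors the post, line 3 is invented.
SAMPLE_LOG = """\
... WARNING django_auth_ldap Caught LDAPError while authenticating my_username: INVALID_CREDENTIALS({'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'info': '80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580'},)
... WARNING awx.api.generics Login failed for user my_username from x.y.w.z
... WARNING django_auth_ldap Caught LDAPError while authenticating other_user: INVALID_CREDENTIALS({'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'info': '80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 775, v2580'},)
"""

if __name__ == "__main__":
    for rec in parse_log(SAMPLE_LOG):
        print(rec)
```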