Hi,
We are using Active Directory for user authentication, this being configured over ssl on port 636. This was working fine until this last weekend when we installed Defender on the Active Directory and some patching, On Monday AD users couldn’t login. In the logs I found
2023-03-13 19:57:05,849 WARNING [861e481d805442c8ae1b3d8e417129e8] django_auth_ldap Caught LDAPError while authenticating clubbing80: SERVER_DOWN({‘result’: -1, ‘desc’: “Can’t contact LDAP server”, ‘ctrls’: , ‘info’: ‘error:0A000086:SSL routines::certificate verify failed (EE certificate key too weak)’})
2023-03-13 19:57:05,851 WARNING [861e481d805442c8ae1b3d8e417129e8] awx.api.generics Login failed for user clubbing80s from 10.42.0.145
2023-03-13 19:57:05,855 WARNING [861e481d805442c8ae1b3d8e417129e8] django.request Unauthorized: /api/login/
2023-03-13 19:57:05,855 WARNING [861e481d805442c8ae1b3d8e417129e8] django.request Unauthorized: /api/login/
I have searched the history here and found AWX LDAPS authentication - disable REQUIRE CERT (google.com) .
in “/api/v2/settings/ldap/” I have tried to configure the following :
“AUTH_LDAP_CONNECTION_OPTIONS”: {
“OPT_REFERRALS”: 0,
“OPT_NETWORK_TIMEOUT”: 30,
“OPT_X_TLS_NEWCTX”: 0
},
but I still get the same error :
2023-03-13 20:45:21,687 WARNING [f3ae7128cefd460d9d90a7ac38da60d5] django_auth_ldap Caught LDAPError while authenticating clubbing80s: SERVER_DOWN({‘result’: -1, ‘desc’: “Can’t contact LDAP server”, ‘ctrls’: , ‘info’: ‘error:0A000086:SSL routines::certificate verify failed (EE certificate key too weak)’})
2023-03-13 20:45:21,691 WARNING [f3ae7128cefd460d9d90a7ac38da60d5] awx.api.generics Login failed for user clubbing80s from 10.42.0.145
2023-03-13 20:45:21,698 WARNING [f3ae7128cefd460d9d90a7ac38da60d5] django.request Unauthorized: /api/login/
2023-03-13 20:45:21,698 WARNING [f3ae7128cefd460d9d90a7ac38da60d5] django.request Unauthorized: /api/login/
Please advise on next steps.
Greg