WAF
WAF LDAP system user cannot query directory
Problem
WAF returns 403 Forbidden for users who are in an appropriate group to access the site behind the WAF.
In /var/log/apache2/error.log:
[2017-06-26 11:31:32.261884] [authz_core:error] [pid 19458:tid 139955148887808] [client 87.110.178.218:51722] AH01630: client denied by server configuration: proxy:http://ipa.service.consul:10780/
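An added example (not part of the original page): a triage script for AH01630 lines in the format shown above. It groups denials by proxied target and flags targets denied for several distinct clients, which suggests a WAF-side fault such as the sysaccount bind rather than one user's group membership. The sample log, the second backend name and the min_clients threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches Apache 2.4 error-log lines carrying AH01630 (format as on this page).
AH01630 = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[authz_core:error\] \[pid [^\]]+\] "
    r"\[client (?P<ip>[^\]]+):\d+\] AH01630: client denied by server "
    r"configuration: (?P<target>\S+)"
)


def summarize_denials(lines):
    """Group AH01630 denials by target; return {target: set of client IPs}."""
    by_target = defaultdict(set)
    for line in lines:
        m = AH01630.match(line.strip())
        if m:
            by_target[m.group("target")].add(m.group("ip"))
    return dict(by_target)


def suspect_targets(lines, min_clients=3):
    """Targets denied for many distinct clients. The threshold is an
    assumption to tune per site; a single denied client is more likely a
    genuine group-membership denial."""
    summary = summarize_denials(lines)
    return sorted(t for t, ips in summary.items() if len(ips) >= min_clients)


# Constructed sample: documentation-range IPs, one hypothetical second backend.
_FMT = ("[2017-06-26 11:31:{s}.000000] [authz_core:error] [pid 19458:tid 1] "
        "[client {ip}:50000] AH01630: client denied by server configuration: {t}")
IPA = "proxy:http://ipa.service.consul:10780/"
WIKI = "proxy:http://wiki.example.internal:8080/"  # hypothetical backend
SAMPLE = [
    _FMT.format(s="32", ip="192.0.2.10", t=IPA),
    _FMT.format(s="33", ip="198.51.100.7", t=IPA),
    _FMT.format(s="35", ip="203.0.113.5", t=IPA),
    _FMT.format(s="36", ip="192.0.2.10", t=WIKI),
    "[2017-06-26 11:31:40.000000] [core:notice] [pid 19458:tid 1] AH00094: x",
]

if __name__ == "__main__":
    for target, ips in summarize_denials(SAMPLE).items():
        print(f"{target}: {len(ips)} distinct client(s) denied")
    print("check the LDAP sysaccount for:", suspect_targets(SAMPLE))
```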
Solution
- Test the LDAP connection as described in the ldap-sysaccount role
- Reset the LDAP sysaccount user password if necessary and regenerate the WAF configs by running:
athena-users sysacc -r gateway.ldap