Apache 1.3.37, auth_ldap v1.6.1, on Solaris 2.9 I currently authenticate the user at the top of my site. LDAP non_authoritative - mod_auth authoritative so that during authorization I can check membership in a series of groups (ug01-ug05) prior to granting access. Membership in any of the 5 groups results in access as it should.
So far so good ! Now - I have a page in a subdirectory that I want to deny access to members of ug02. I then took myself out of all other Groups but ug02 and in limiting access to the subdirectory I changed my require group as follows: Require group ug01 ug02 ug03 ug04 ug05 To - Require group ug01 ug03 ug04 ug05 If I've put myself in ug02 and I'm requiring membership in any 1 of the other groups - I should be getting denied but I'm not. I did this not only in <Directory> and <Location> constructs in the httpd.conf but also tried a .htaccess file. Should I not be able to authenticate at entry to the site and then control access to various resources to certain groups as I proceed down the tree ? Any ideas would be appreciated.... Dan