Hopefully not too bad form to reply to my own thread, but I have more information.
If I use normal file system based groups, it works as expected, and won't show my directory 1. So now it appears to be either an issue with mod_authz_ldap or it's Apache making a decision not to check a sub-directory .htaccess if using a different authorization method.

--
Bruce Z. Lysik <bly...@yahoo.com>

>________________________________
> From: Bruce Lysik <bly...@yahoo.com>
>To: "users@httpd.apache.org" <users@httpd.apache.org>
>Sent: Thursday, August 1, 2013 7:18 AM
>Subject: [users@httpd] autoindex: showing directory it shouldn't
>
>Hi,
>
>Summary of my problem: mod_autoindex is showing directories that a logged in
>user doesn't have access to when using Require group. When using Require
>user, it's properly not shown. ShowForbidden is never turned on.
>
>Details:
>
>Oracle Linux 6u4 (RHEL6u4)
>httpd-2.2.15-26.0.1.el6.x86_64
>mod_authz_ldap-0.26-16.el6.x86_64
>
>* mkdir -p /tmp/test/{1,2,3}
>* echo "Require group blahblah" > /tmp/test/1/.htaccess
>* set perms to 775
>* Configure a virtual host with /tmp/test as the DocumentRoot and setup ldap
>authorization and authentication via mod_authz_ldap. Test with a user not in
>group 'blahblah'. Basic auth.
>* Turn on Options Index (ShowForbidden is NOT on.)
>
>Browse to the doc root, and I can see directories 1, 2, and 3. (From my
>understanding, I shouldn't see 1.) Trying to browse into directory 1 and I'm
>properly forbidden.
>
>* Change .htaccess file to 'Require user notmyuser'
>
>Browse to the doc root. Now I can only see directories 2 and 3. (Proper
>behavior.)
>
>Any help would be appreciated, this is driving me crazy! Thanks!
>
>--
>Bruce Z. Lysik <bly...@yahoo.com>
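A check for the symptom described in this thread, as an added example that is not part of the original message: it parses a mod_autoindex listing and reports entries that are shown although the same user is refused when requesting them. The listing HTML, the host `test.example` and the `status_of` callable (assumed to wrap an authenticated request and return the HTTP status code) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample of a mod_autoindex listing for the /tmp/test DocumentRoot.
SAMPLE_LISTING = """<html><head><title>Index of /</title></head><body>
<h1>Index of /</h1><pre>
<a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a>
<hr><a href="/">Parent Directory</a>
<a href="1/">1/</a>  01-Aug-2013 07:00    -
<a href="2/">2/</a>  01-Aug-2013 07:00    -
<a href="3/">3/</a>  01-Aug-2013 07:00    -
</pre></body></html>"""


class _Links(HTMLParser):
    """Collects the href of every <a> tag in the listing."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def listed_entries(index_url, html):
    """Return absolute URLs of the entries below index_url shown in the listing."""
    parser = _Links()
    parser.feed(html)
    base_path = urlsplit(index_url).path
    entries = []
    for href in parser.hrefs:
        if href.startswith("?"):  # column-sort links, not directory entries
            continue
        url = urljoin(index_url, href)
        path = urlsplit(url).path
        # Keep only children of the listed directory (drops "Parent Directory").
        if path.startswith(base_path) and path != base_path and url not in entries:
            entries.append(url)
    return entries


def leaked_entries(index_url, html, status_of):
    """Entries the listing shows although the same user gets 401/403 for them."""
    return [u for u in listed_entries(index_url, html) if status_of(u) in (401, 403)]
```

Run it once per test account against each indexed directory; any URL it returns is a name the listing discloses to a user who is not authorized to open it.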