Hopefully not too bad form to reply to my own thread, but I have more
information.
If I use normal file system based groups, it works as expected, and won't show
my directory 1.
So now it appears to be either an issue with mod_authz_ldap or it's apache
making a decision not to check a sub-directory .htaccess if using a different
authorization method.
--
Bruce Z. Lysik <bly...@yahoo.com>
>________________________________
> From: Bruce Lysik <bly...@yahoo.com>
>To: "users@httpd.apache.org" <users@httpd.apache.org>
>Sent: Thursday, August 1, 2013 7:18 AM
>Subject: [users@httpd] autoindex: showing directory it shouldn't
>
>
>
>Hi,
>
>
>Summary of my problem: mod_autoindex is showing directories that a logged in
>user doesn't have access to when using Require group. When using Require
>user, it's properly not shown. ShowForbidden is never turned on.
>
>
>Details:
>
>
>Oracle Linux 6u4 (RHEL6u4)
>httpd-2.2.15-26.0.1.el6.x86_64
>mod_authz_ldap-0.26-16.el6.x86_64
>
>
>* mkdir -p /tmp/test/{1,2,3}
>* cat "Require group blahblah "> /tmp/test/1/.htaccess
>* set perms to 775
>* Configure a virtual host with /tmp/test as the DocumentRoot and setup ldap
>authorization and authentication via mod_authz_ldap. Test with a user not in
>group 'blahblah'. Basic auth.
>* Turn on Options Index (ShowForbidden is NOT on.)
>
>
>Browse to the doc root, and I can see directories 1, 2, and 3. (From my
>understanding, I shouldn't see 1.) Trying to browse into directory 1 and I'm
>properly forbidden.
>
>* Change .htaccess file to 'Require user notmyuser'
>
>
>Browse to the doc root. Now I can only see directories 2 and 3. (Proper
>behavior.)
>
>
>Any help would be appreciated, this is driving me crazy! Thanks!
>
>
>--
>Bruce Z. Lysik <bly...@yahoo.com>
>
>
