> So the first question is: Is it normal that I have to use mod_rewrite to > check for group membership ? I tried hundred of syntaxes with SetEnvIf > or SetEnvIfExpr but I never managed to get it working. I'm not sure why > but I guess it's somehow related to "race condition" (lazy evaluation) > while evaluating environment variable, does it makes sense ? SetEnvIf[expr] is evaluated very early, long before authn/authz occurs and those environment variables can be filled out. > > Second question is: I cannot use "$" to make a proper regex matcher. If > the group is not the last one, I can match it with ;.*$, if it is the > last one, I should be able to match [...]DC=internal$, however that does > not work. There's is one unknown character and I have no idea what it > is. Matching with DC=internal.?$ works, so that's one SINGLE char... Any > idea ? > You could send it out as a response header for debugging, or maybe observe it with rewrite:trace8 in the error_log --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx