Apache 1.3.37, auth_ldap v1.6.1, on Solaris 2.9
I currently authenticate the user at the top of my site. LDAP non_authoritative - mod_auth authoritative so that during authorization I can check membership in a series of groups (ug01-ug05) prior to granting access. Membership in any of the 5 groups results in access as it should.
So far so good !
Now - I have a page in a subdirectory that I want to deny access to members of ug02. I then took myself out of all other
Groups but ug02 and in limiting access to the subdirectory I changed my require group as follows:
Require group ug01 ug02 ug03 ug04 ug05
To -
Require group ug01 ug03 ug04 ug05
If I've put myself in ug02 and I'm requiring membership in any 1 of the other groups - I should be getting denied but I'm not.
I did this not only in <Directory> and <Location> constructs in the httpd.conf but also tried a .htaccess file.
Should I not be able to authenticate at entry to the site and then control access to various resources to certain groups as I proceed down the tree ?
Any ideas would be appreciated….
Dan
|