ldap-attribute wildcard not working?

[Bruce DeYoung <bdy@xxxxxxx>]

Hello,

We are moving from Apache 1.3 (Solaris)
to Apache 2.2.3 (Redhat).   We are trying to leverage the new functionality
in the mod_authnz_ldap module to authenticate/authorize users visting our
support site.

I have the authentication piece working
and am now trying to authorize access to certain directories using ldap-attribute.

We have an attribute in our LDAP directory
called "groupmembership".     Due to some issues in
our back-end Notes/Domino database, values for groupmembership are like
"Employee 1", "Employee 2", "Employee 3",
etc.....but each of these is essentially the same, i.e a member of the
"Employee" group.  

So, if I have content that I want to
secure to members of the "Employee" group, I was hoping to use
a wildcard like:

require ldap-attribute groupmembership=Employee*

But this is not working.  In fact,
there's not even an error in the log file.

Here's the conf file for my test site:

<Directory "/var/www/support-dev2">
#    Options Indexes
#    AllowOverride None
#    Order allow,deny
#    Allow from all
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative
on
    AuthName "Please
enter your webaccount username and password:"
    AuthLDAPURL ldap://domino-core.qad.com:389/?cn
    require ldap-attribute
groupmembership=Employee*
#    require valid-user
    AuthLDAPBindDN "cn=Domino
Ldap,o=QADWEB"
    AuthLDAPBindPassword Dom!no7d@p
</Directory>

If I change ldap-attribute to the following:

require ldap-attribute groupmembership="Employee
6"

it works for any account which specifically
has "Employee 6" as a value for the "groupmembership"
field.

But using the wildcard "Employee*"
or simply Employee* (no quotes), does not work.

Can someone set me straight?  What
am I doing wrong?   Is there a limitation of the wildcard character
that I'm not aware of?

Thanks,

Bruce