On Sat, Dec 6, 2008 at 1:51 AM, Jesper Krogh <jesper.krogh@xxxxxxxxx> wrote: > On Fri, Dec 5, 2008 at 11:48 PM, Eric Covener <covener@xxxxxxxxx> wrote: >> On 12/5/08, Jesper Krogh <jesper.krogh@xxxxxxxxx> wrote: >> >>> Require ldap-group CN=TestGroup,OU=Groups,OU=Company >>> require valid-user >> >> Require directives are OR'ed not AND'ed, despite the way "require" sounds. > > Removing the "require valid-user" from the configurataion changes the > error message to: > [Sat Dec 06 07:49:26 2008] [debug] mod_authnz_ldap.c(852): [client > 10.194.134.5] [22264] auth_ldap authorise: authorisation denied > > But It still lets people in instead of sending a 401 page. Weird on a few fronts, are you sure this log entry corresponds to the 200? 1) "AuthzLDAPAuthoritative off" means you should see "declining to authorise" instead of "authorization denied" 2) Once you see this message, i don't think any other module would be have a chance to flip it to a 200 -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx