>> But It still lets people in instead of sending a 401 page. > > Weird on a few fronts, are you sure this log entry corresponds to the 200? Triple checking.. You're right It "just bloody works". > 1) "AuthzLDAPAuthoritative off" means you should see "declining to > authorise" instead of "authorization denied" > 2) Once you see this message, i don't think any other module would be > have a chance to flip it to a 200 It was the browser cache playing tricks on me, the correct codes was indeed written in the apachelogs ... when the caching was flushed and. -- Jesper --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx