Hey All,

Using SLES 10.3 here and trying to get authorization working for certain directories under a Apache Virtual host. Right now I am able to get it to prompt for a login and login, but it does not seem to be reading the LDAP groups to grant access to restricted directories, or it will give full access to restricted directories to users that are not in the group used to restrict access.

When I require only that the user be part of a group, I get the login prompt but it will not login, it keeps knocking back until it fails, if I add the require valid-user it logs in and shows all the directories even ones where the require group setting is set and the user is not part of the group.

Using a OES2/SP2 LDAP server, SLES as well, and this server is OES2/sp2 if that makes a difference. Any ideas?

FYI, values in the config below are changed from the original

<VirtualHost *:443>
DocumentRoot /wwwdocs/docroots/securewww/
ServerName securewww.musd.org
ServerAdmin blittrell@musd.org
<Directory/wwwdocs/docroots/securewww/>
Options Indexes Multiviews
AllowOverride None
Order deny,allow
Allow from all
AuthType Basic
AuthName "DefaultWeb"
AuthzLDAPAuthoritative Off
AuthBasicProvider ldap
AuthLDAPURL ldaps://192.168.2.3:636/o=securecontext?uid?sub
require valid-user
</Directory>
<Directory /wwwdocs/docroots/securewww/restricteddocs/>
Options Indexes Multiviews
AllowOverride None
Order deny,allow
Allow from all
AuthType Basic
AuthName "DefaultWeb"
AuthLDAPGroupAttributeIsDN on
AuthzLDAPAuthoritative Off
AuthBasicProvider ldap
AuthLDAPURL ldaps://192.168.2.3:636/o=securecontext?uid?sub
require group cn=securegroup,o=securecontext
require valid-user
</Directory>
<Directory /wwwdocs/docroots/securewww/generaldocs/>
Options Indexes Multiviews
AllowOverride None
Order deny,allow
Allow from all
AuthType Basic
AuthName "DefaultWeb"
AuthzLDAPAuthoritative Off
AuthBasicProvider ldap
AuthLDAPURL ldaps://192.168.2.3:636/o=securecontext?uid?sub
require group cn=nonsecuregroup,o=securecontext
require valid-user
</Directory>
</VirtualHost>

Thanks for any help