Posted to users@httpd.apache.org by "Saad, Dan (N-Computer Sciences Corp)" <da...@lmco.com> on 2006/12/14 10:07:38 UTC

[users@httpd] Authentication/Authorization at DocRoot and below

Apache 1.3.37, auth_ldap v1.6.1, on Solaris 2.9
I currently authenticate the user at the top of my site. LDAP
non_authoritative - mod_auth authoritative so that during authorization
I can check membership in a series of groups (ug01-ug05) prior to
granting access. Membership in any of the 5 groups results in access as
it should.

So far so good!

Now - I have a page in a subdirectory that I want to deny access to
members of ug02. I then took myself out of all other
groups but ug02 and in limiting access to the subdirectory I changed my
require group as follows:

Require group ug01 ug02 ug03 ug04 ug05
To -
Require group ug01 ug03 ug04 ug05

If I've put myself in ug02 and I'm requiring membership in any 1 of the
other groups - I should be getting denied but I'm not.

I did this not only in <Directory> and <Location> constructs in the
httpd.conf but also tried a .htaccess file.

Should I not be able to authenticate at entry to the site and then
control access to various resources to certain groups as I proceed down
the tree?

Any ideas would be appreciated....

Dan