I need to set up a principal directory which has a set of LDAP-based restrictions, and then have various sub-sites use other restrictions, but only have the actual LDAP search done in the bottom directory. For instance:

 .htaccess per directory

 /Primary_Directory
 AuthLDAPURL "ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)"
 Require group cn=admins

 ../Open2All
 Require valid-user

 ../No_Admins_Allowed
 Require group cn!=admins

So essentially, the main directory (in this example) can only be used by customers who are in the admins group, while the first sub-directory can be used by anybody in the directory, and the second sub-folder can be reached by anybody who isn't in the admin group.

However, I only want to set the Require line for the sub-sites, and not set up the LDAP query again in each sub-directory.

Is this possible, despite the fact that there are obvious permission conflicts from level to level? Does the greatest .htaccess file realize that the Require line refers back to the LDAP search in the parent folder?

It turns out I wasn't distinguishing between Authentication and Authorization. I'm able to have customers authenticate in the primary directory using mod-auth-ldap, and then set up who can go where per directory using mod-authnz-ldap.
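
The split between authentication and authorization described above, written out as an added example that is not part of the original post. It assumes Apache 2.4 with mod_authnz_ldap and `AllowOverride AuthConfig` on these directories; the realm name and the group DN `cn=admins,ou=Groups,o=Airius` are constructed placeholders.

```apache
# Added example. Assumes Apache 2.4, mod_authnz_ldap loaded, and
# "AllowOverride AuthConfig" in effect for these directories.
# The realm name and the group DN are constructed placeholders.

# ---- /Primary_Directory/.htaccess ----
# Authentication: configured once here and inherited by every
# sub-directory, so the LDAP URL is never repeated below.
AuthType Basic
AuthName "Airius"
AuthBasicProvider ldap
AuthLDAPURL "ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)"
# Authorization for this level: members of the admins group only.
Require ldap-group cn=admins,ou=Groups,o=Airius

# ---- /Primary_Directory/Open2All/.htaccess ----
# Only an authorization rule. With the default "AuthMerging Off",
# this Require replaces the parent's rule rather than adding to it,
# so any user who authenticates against the directory is admitted.
Require valid-user

# ---- /Primary_Directory/No_Admins_Allowed/.htaccess ----
# A negated Require cannot stand on its own; it has to sit inside
# <RequireAll> next to at least one positive requirement.
<RequireAll>
    Require valid-user
    Require not ldap-group cn=admins,ou=Groups,o=Airius
</RequireAll>
```

If `AuthMerging And` is set in a sub-directory, the parent's admins-only rule is combined with the local one, which would lock non-admins out of `Open2All` and everyone out of `No_Admins_Allowed`.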