# rjs 13/11/2022
    AddType text/html .htm
    AddOutputFilter INCLUDES .htm

    # For Directory21 Authentication and Authorisation

    AuthType Basic
    AuthName "Login to Directory21 with your UserName"
    AuthBasicProvider ldap

    # could use mod_auth_form to have custom login form and prompt

    #AuthLDAPURL "ldaps://s-pdc-dc01.victrackad.victrack.com.au/OU=Applications,DC=victrackad,DC=victrack,DC=com,DC=au?sAMAccountname" TLS

    AuthLDAPURL "ldap://s-pdc-dc01.victrackad.victrack.com.au/DC=victrackad,DC=victrack,DC=com,DC=au?sAMAccountname,memberof"

    ## ??? serach nested greouyps ??? didn't seem to work!
    #AuthLDAPURL "ldap://s-pdc-dc01.victrackad.victrack.com.au/DC=victrackad,DC=victrack,DC=com,DC=au?sAMAccountname,memberof?sub"

    AuthLDAPBindDN "CN=VRT_SVC_Telmax,OU=Service Accounts,OU=VicTrack,DC=victrackad,DC=victrack,DC=com,DC=au"
    #AuthLDAPBindPassword iaV#q@4xy1
    AuthLDAPBindPassword Victrack22
    AuthLDAPMaxSubGroupDepth 10
    #AuthLDAPSubGroupDepth 1


# takes a lot longer, and still fails!
    ## search nested groups in AD
    ##Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=Users,OU=Groups,DC=victrackad,DC=victrack,DC=com,DC=au
    #Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=Domain Users,DC=victrackad,DC=victrack,DC=com,DC=au

    Require valid-user

    <RequireAny>
        Require ldap-group CN=GG-Telco-Directory21-Access-RW,OU=Teleco,OU=AppAccess,OU=Groups,OU=VicTrack,DC=victrackad,DC=victrack,DC=com,DC=au
        Require ldap-group CN=GG-Telco-Directory21-Access-R,OU=Teleco,OU=AppAccess,OU=Groups,OU=VicTrack,DC=victrackad,DC=victrack,DC=com,DC=au
        Require ldap-filter (&(|(objectCategory=Person)(objectCategory=User))(| (primaryGroupID=513)))
    </RequireAny>