FYI, the issue was that LDAP was authenticating everything within this VirtualHost. This included references to ErrorDocuments. So when a user failed authentication, they also failed to authenticate for viewing ErrorDocuments. What I did to fix this was to add a Location directive that is not authenticated via LDAP, like so. I'm not sure if this is the best solution, but it's the only one I've found so far. I first tried to add a Directory within this VirtualHost, but the Location directive appeared to take precedence over this. Anyway, I thought the list might like to see this. I was not able to find any examples outside of mod_authz_ldap and apache docs googling. <VirtualHost 192.168.1.1> ServerAdmin blah at blah.com DocumentRoot /var/www/html/sites/blah ServerName www.blah.net DirectoryIndex index.php ErrorLog /var/summary/logs/blah_test_stats/blah_eerror_log CustomLog /var/summary/logs/blah_test_stats/blah_eaccess_log combined ErrorDocument 401 /auth/index.html <Location /myerrorpages> AllowOverride All Allow from all </Location> <Location /> AuthzLDAPServer localhost AuthzLDAPBindDN cn=Manager,dc=blah,dc=com AuthzLDAPBindPassword secretblah AuthzLDAPMethod ldap AuthzLDAPLogLevel debug AuthzLDAPUserBase dc=blah,dc=com AuthzLDAPUserKey gcLogin AuthzLDAPUserScope subtree AuthzLDAPRoleAttributeName attr1 AuthType basic AuthName "Blah Login" require valid-user require role Role1 Role2 require filter SUBTREE (&(attr2=TRUE)(|(!(attr3=TRUE)))\) </Location> </VirtualHost> -----Original Message----- From: David Carlson [mailto:thecubic at thecubic.net] Sent: Monday, February 20, 2006 1:55 PM To: Jeff Hemminger Cc: tclug-list at mn-linux.org Subject: Re: [tclug-list] apache errordocument config with openldap Try commenting out the bottom of /etc/httpd/conf.d/welcome.conf, and also try putting ErrorDocument in the VirtualHost section or the Location section inside. -=-=-=-=-=-=-=- David Carlson thecubic at thecubic.net