I banged my head on this for more hours than I care to admit, I finally post here describing my efforts, and then like a thunderbolt, it hits me that I'm missing the difference between authentication and authorization.
Re-reading the mod_authnz_ldap docs explains that for authentication only, I just need to specify 'AuthzLDAPAuthoritative off'.
Well, at least I have it working now...yay!....argh!....yay!....argh!....yay!
Hopefully this saves somebody some grief in the future...
For the sake of thoroughness, here is the whole .htaccess file:
Code:
AuthName "Staff Only"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://zimbra.mydomain.com:389/ou=people,dc=mydomain,dc=com?uid?sub?(objectClass=organizationalPerson)
AuthzLDAPAuthoritative off
require valid-user