Hello, Does anyone have any idea how to authenticate a user against two different OUs on the same AD server? I am using Apache 2.4 on Ubuntu 18.04. Server version: Apache/2.4.18 (Ubuntu) Server built: 2018-06-07T19:43:03 The user could be in "ABC User" or "XYZ user". AD OUs are: AuthLDAPURL "ldap://adx.ABC.org:389/OU=ABC Users,DC=ABC,DC=org?sAMAccountName?sub?(objectClass=*)" and AuthLDAPURL "ldap://adx.ABC.org:389/OU=XYZ Users,DC=ABC,DC=org?sAMAccountName?sub?(objectClass=*)" Part of the current conf file: <Location /> AuthName "ABC Intranet" AuthBasicProvider ldap AuthType Basic AuthLDAPURL "ldap://adx.ABC.org:389/OU=ABC Users,DC=ABC,DC=org?sAMAccountName?sub?(objectClass=*)" # login to AD AuthLDAPBindDN "CN=ldap_ABCweb,OU=ABC Service Accounts,DC=ABC,DC=org" AuthLDAPBindPassword AuthLDAPGroupAttributeIsDN off AuthLDAPGroupAttribute memberUid # tried this and failed # Require ldap-filter (&(memberOf='OU=XYZ Users,DC=ABC,DC=org?sAMAccountName?sub?(objectClass=*')|(memberOf='OU=ABC Users,DC=ABC,DC=org?sAMAccountName?sub?(objectClass=*')) # tried this and failed # <RequireAny> # Require ldap-filter (&(memberOf='OU=ABC Users,DC=ABC,DC=org?sAMAccountName?sub?(objectClass=*')) # Require ldap-filter (&(memberOf='OU=XYZ Users,DC=ABC,DC=org?sAMAccountName?sub?(objectClass=*')) # </RequireAny> # require any is implied require any Require valid-user Require ip 10.46 Require ip 130.44 Require ip 10.44 </Location> Would something like this work using the same AD server? <AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx"> AuthLDAPBindDN "cn=youruser,o=ctx" AuthLDAPBindPassword yourpassword AuthLDAPUrl "ldap://ldap.host/o=ctx" </AuthzProviderAlias> <AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev"> AuthLDAPBindDN "cn=yourotheruser,o=dev" AuthLDAPBindPassword yourotherpassword AuthLDAPUrl "ldap://other.ldap.host/o=dev?cn" </AuthzProviderAlias> Thanks, Dan