The documentation for AuthzProviderAlias [1] looks wrong. AFAICT including 'Require all granted' means that anyone can access the directory. This is borne out by my local testing. If I remove the Require line, then httpd complains "AuthUserFile not specified in the configuration". Presumably this is because auth is now needed, but the config is incorrect. If I change AuthBasicProvider to ldap, it complains that AuthLDAPUrl is missing. It would make more sense if the example used LDAP for both authn and authz, but another way to fix it would be to add a AuthUserFile line. Also the example AuthzProviderAlias entries seem very contrived. It might make more sense to use an example of two LDAP groups which use different attributes to hold their members. e.g. some use member (which is normally a DN) and some use memberUid (which is normally just the Uid). [1] https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#authzalias