So at first I was just trying to use an application object; now I'm trying with a whole domain.
I wish to protect a web service website.com/app with basic HTTP auth.
I have an OpenLDAP policy store. The root DN is dc=dompany,dc=com, and there is an ou=People for users. The only user in ou=People has a uid attribute to identify him. The object class is inetOrgPerson.
I made a user-directory from this, and it seems to work correctly - I can view the contents and look up my user by UID.
So I made a domain "appdomain" and associated my user-directory with it. It has a realm "apprealm" with resource / and a rule for webagent get,post,put. Also a policy that has users = All users.
For some reason, when I look at the smaccess log, I see auth accept and az rejection, even when the realm has "process authorization events" unchecked.
My user seems to be authenticated; how can I make sure they are authorized for /app?