Group authentication

Hi,

For a site I’m building, I have to restrict the access to subparts of the site as follow

/ should be available to everyone being a valid user (easy to do)
/customers should be available to members of the admin group
/customers/customerA should be available to customerA only and members of admin group
/customers/customerB should be available to customerB only and members of admin group
/customers/customerC should be available to customerC only and members of admin group
and so on

All those users should be authenticated against a DB as they already exist in that DB for other services.

This DB is as follow :
mysql> describe authorization;
±---------±-------------±-----±----±--------------------±------+
| Field | Type | Null | Key | Default | Extra |
±---------±-------------±-----±----±--------------------±------+
| username | varchar(80) | NO | PRI | | |
| groups | varchar(40) | YES | | NULL | |
| date | datetime | NO | | 0000-00-00 00:00:00 | |
| passwd | varchar(80) | YES | | NULL | |
| gecos | varchar(255) | YES | | NULL | |
| active | char(1) | YES | | NULL | |
±---------±-------------±-----±----±--------------------±------+

mysql> select * from authorization;
±---------±---------±--------------------±--------------±-------------------±-------+
| username | groups | date | passwd | gecos | active |
±---------±---------±--------------------±--------------±-------------------±-------+
| test | admin | 2011-11-01 19:44:55 | nxzRHNsAYwiXA | Test user | A |
| sysadmin | admin | 2011-11-02 14:06:00 | 4yrPhXL6VNTtQ | FTP manager | A |
| customerA| customer | 2011-11-02 14:10:53 | p9EoYolUhpK9o | customerB account | A |
| customerB| customer | 2011-11-07 15:05:53 | /iXyhnjwmDVC2 | customerB account | A |
±---------±---------±--------------------±--------------±-------------------±-------+

<VirtualHost *:80>
Servername www.example.com
Documentroot /export/ftp
CustomLog /var/log/apache2/access.log combined
# mod_dbd configuration
DBDriver mysql
DBDParams “host=localhost port=3306 dbname=users user=XXX pass=YYY”
DBDMin 4
DBDKeep 8
DBDMax 20
DBDExptime 300
DBDPersist Off

&lt;Directory /&gt;
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all
&lt;/Directory&gt;

&lt;Directory /customers&gt;
Options Indexes FollowSymLinks Multiviews
AllowOverride AuthConfig
Order allow,deny
Allow from all
AuthBasicProvider dbd
AuthDBDUserPWQuery \\
    "SELECT passwd FROM authorization WHERE username=%s and active='A'"
Require valid-user
&lt;/Directory&gt;

&lt;Directory /export/ftp/customers/customerA&gt;
   Options Indexes Includes FollowSymLinks MultiViews
   AllowOverride AuthConfig
   Order allow,deny
   Allow from all

   AuthType Basic
   AuthName "CustomerA Secure Access"
   AuthBasicProvider dbd

&lt;Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK&gt;
    AuthDBDUserPWQuery \\
    "SELECT passwd FROM authorization WHERE username =%s and active='A'"
    Require user customerA
        Require dbd-group admin 
        AuthzDBDQuery "SELECT groups FROM authorization where username=%s and groups='admin' "
&lt;/Limit&gt;

</Directory>
<Directory /export/ftp/customers/customerB>
Options Indexes Includes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all

   AuthType Basic
   AuthName "CustomerA Secure Access"
   AuthBasicProvider dbd

&lt;Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK&gt;
    AuthDBDUserPWQuery \\
    "SELECT passwd FROM authorization WHERE username =%s and active='A'"
    Require user customerB
        Require dbd-group admin 
        AuthzDBDQuery "SELECT groups FROM authorization where username=%s and groups='admin' "
&lt;/Limit&gt;

</Directory>
</VirtualHost>

My problem is that I can authentication members of group admin without trouble but not users of group ‘customer’.

What could be my config problem ?

Thanks for help.

Fred.