> 192.168.1.2 can always access, regardless of LDAP? Yes > 192.168.1.7 can never access, regardless of LDAP? Yes, but what I really want is to do the forbidden of access using authorization(Require tag) not authentication (allow tag) something like that: allow from 192.168.1 Require 192.168.1.2
so apache won't ask them for authentication, but won't let them in according to Require. > LDAP authentication should never be used for 192.168.1 network? Yes > Offsite users can always access if allowed by LDAP? Yes