> 192.168.1.2 can always access, regardless of LDAP?
Yes
> 192.168.1.7 can never access, regardless of LDAP?
Yes, but what I really want is to do the forbidden of access using authorization(Require tag)
not authentication (allow tag)
something like that:
allow from 192.168.1
Require 192.168.1.2
so apache won't ask them for authentication, but won't let them in according to Require.
> LDAP authentication should never be used for 192.168.1 network?
Yes
> Offsite users can always access if allowed by LDAP?
Yes