In Apache, what would be the easiest way to give access only to users who pass the two following tests:

  1. User is not in a blacklist (alternatively, appears in a whitelist)
  2. User has a valid LDAP user account

I currently have the second test in place, but I now need to bar a few of the valid LDAP users. Note that I cannot create an AD group to represent my black/white list.

I've managed to achieve that using

The config then looks something like:

    <Location /blacklisted >
        AuthType Basic
        AuthName "PAM"

        AuthBasicProvider ldap
        Require valid-user
        AuthLDAPURL ldap://ldap.example.com/?sAMAccountName?sub
        AuthzLDAPAuthoritative off
        AuthLDAPBindDN bindUser@example.com
        AuthLDAPBindPassword verySecurePasswd

        Order allow,deny
        Deny from 192.168.1
        Allow from all
    </Location>

However, I still don't know whether that would be achievable if I wanted to blacklist LDAP usernames rather than IP addresses. (Covener seems to suggest that some complex config could do it, but I haven't tried it.)
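
Two ways to blacklist LDAP usernames rather than IP addresses, as an added example that is not part of the original posts. It assumes Apache 2.4 with mod_authnz_ldap (the config above uses 2.2-era directives); the usernames `alice` and `bob` and the `/blacklisted-b` path are constructed for illustration.

```apache
# Added example, not the poster's config. Assumes Apache 2.4 + mod_authnz_ldap.
# "alice" and "bob" are constructed usernames standing in for the blacklist.

# Variant A: the directory enforces the blacklist.
# mod_authnz_ldap searches with (&(<filter>)(sAMAccountName=<login>)), so a
# listed account is never found and authentication fails for it.
# For a whitelist, drop the leading "!" so only the listed accounts are found.
<Location "/blacklisted">
    AuthType Basic
    AuthName "PAM"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.com/?sAMAccountName?sub?(!(|(sAMAccountName=alice)(sAMAccountName=bob)))"
    AuthLDAPBindDN "bindUser@example.com"
    AuthLDAPBindPassword "verySecurePasswd"

    Require valid-user
</Location>

# Variant B: Apache's authorization containers enforce the blacklist.
# A negated Require can only deny, never grant, so it is paired with a
# positive requirement inside <RequireAll>.
# Caveat: "Require user" compares the login name exactly as typed
# (case-sensitive), while Active Directory matches sAMAccountName
# case-insensitively. A differently capitalised login would authenticate
# but not match the rule, so prefer Variant A for a blacklist.
<Location "/blacklisted-b">
    AuthType Basic
    AuthName "PAM"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.com/?sAMAccountName?sub"
    AuthLDAPBindDN "bindUser@example.com"
    AuthLDAPBindPassword "verySecurePasswd"

    <RequireAll>
        Require valid-user
        Require not user alice bob
    </RequireAll>
</Location>
```

Run `apachectl configtest` after editing, then confirm that a listed account is refused under several capitalisations of its name.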