It looks like if you specify multiple Require statements, it could require any one of them (depending on whether a check fails or is neutral). In my case, I can use the following:
Require ldap-filter objectclass=user
Require ssl-verify-client
This still performs the LDAP lookup, but given the SSL requirement passes, it will still allow the user through.
You can see mod_authz_core for how you can use RequireAny and RequireAll for more complex requirements, though these can’t be combined with LimitExcept. I assume you could use Require method OPTIONS instead but haven’t investigated further as the above meets my needs.
CLICK HERE to find out more related problems solutions.