Deny from all
#Require ldap-attribute someattribute=somevalue
Allow from 192.168.1.0/24
I save this in a text file and I copy/paste it whenever I need to. (OSX terminal shortcut: `cat filename | pbcopy`) In an httpd.conf file, it needs to be enclosed by a <Directory "/path/to/secure"> </Directory>. Uncomment or comment out the sections you need.
If you want the authentication to be secure, you'll need to redirect the non-HTTPS page to an HTTPS page, then include the directive on the ssl.conf (or whichever vhost you've setup for SSL connections :443). Otherwise, anything entered in the password prompt will go across the wire in the clear.