I recently ran into an issue configuring HTTP Basic authentication against Active Directory using Apache httpd. What was happening was that I’d get a 500 Internal Server Error page every time I hit a location that required Basic authentication. There wasn’t anything useful in the logs, and I started playing around with the configuration (which, I must point out, was correct in a way). After about two hours of trial I finally figured out the problem — there appears to be some sort of bug either in the OpenLDAP libraries, Apache httpd, or Active Directory itself, when Apache was trying to connect to AD via LDAP. I found this only appeared when I had my search base configured to be the top-level DN of my Active Directory. Changing the search base to an OU lower also resolved the problem, but I couldn’t do that because I have users across several OU’s off the top of the DIT. The solution I came up with was to connect to port 3268, the Global Catalog, rather than the normal port of 389.
Here’s my mod_authnz_ldap configuration settings:
AuthName "Log in with your Windows credentials"
AuthLDAPURL "ldap://dc1.techrockdo.com:3268/DC=techrockdo,DC=com?sAMAccountName?sub?(objectClass=user)" STARTTLS
Require ldap-group CN=Web Access Group,OU=Groups,DC=techrockdo,DC=com
Hope that helps!