Having issues setting up LDAP/Active Directory auth

Hi and welcome!

I think 2 things help in triaging ldap issues. First, you could turn the log level up with the config file below. Briefly searching on this site, it looks like folks have misconfigured their ldap certificate. The logs may say as much.

# added in a new file /opt/rh/httpd24/root/etc/httpd/conf.d/ldap_debug.conf
LogLevel ldap_module:debug
LogLevel authnz_ldap_module:debug

Next is to step back and hack around on ldapsearch. Looks like you’ve been doing this to test auth, but you may need it to figure out the right ldap query. It could be as simple as ldapsearch cn=test.user.

I get an output like this, telling me I’d need to use /OU=People,DC=osc,DC=edu?uid instead of what you have /OU=Users,DC=domain,DC=local?sAMAccountName.

dn: cn=johrstrom,ou=People,dc=osc,dc=edu
displayName: Jeff Ohrstrom
employeeType: REGULAR
gecos: Jeff Ohrstrom
cn: johrstrom
employeeStatus: ACTIVE
uid: johrstrom
loginShell: /bin/bash

Which is to say, confirm that your basedn and attribute are correct for what’s in your ldap.

Confirm that you only get one result for a given user. I’ve seen that before where 1 user can map to several ldap entries. You may need to dig into the ldap results and spice up your url with a filter like (myDomain=true) to choose one entry (the one with myDomain) over the other(s).

Lastly, I don’t think you’ve missed anything big. I’d guess it’s something simple. In sum, increase the log setting in apache and get familiar with LDAP in general and get strong at making ldap queries.

Hope that helps! We don’t run AD here, or I’d help you out with that config. Maybe if you post your ldap search result (redacting anything sensitive) I could confirm your basedn, attributes and filters.
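Pulling the steps above together into one mod_authnz_ldap config, as an added example that is not from the original post: the debug LogLevel lines, the CA trust settings for the certificate problem mentioned, and an AuthLDAPURL whose basedn, attribute and filter match the ldapsearch output shown. The hostname, service-account DN, CA path and password are placeholders; on an AD directory the basedn and attribute (for example sAMAccountName) will be whatever your own ldapsearch returns.

```apache
# Added example, not from the original post. Host, bind DN, CA path and
# password are placeholders; the basedn/attribute come from the ldapsearch
# output above (ou=People,dc=osc,dc=edu / uid) and must match YOUR directory.

# Same as the debug file described above; keep it while troubleshooting.
LogLevel ldap_module:debug
LogLevel authnz_ldap_module:debug

# Certificate trust for ldaps:// (global scope, outside any vhost). A private
# CA that mod_ldap does not trust shows up as a TLS error in the debug log.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ldap-ca.pem
LDAPVerifyServerCert On

<Location "/protected">
    AuthType Basic
    AuthName "LDAP login"
    AuthBasicProvider ldap

    # AuthLDAPURL layout: scheme://host[:port]/basedn?attribute?scope?filter
    #
    # basedn    - where ldapsearch actually found the user entry
    # attribute - the attribute holding the login name (uid here)
    # scope     - sub, so nested OUs under the basedn are searched
    # filter    - optional; use it when one login maps to several entries,
    #             e.g. (myDomain=true) to pick the entry that carries myDomain
    AuthLDAPURL "ldaps://ldap.example.edu/ou=People,dc=osc,dc=edu?uid?sub?(myDomain=true)"

    # Service account used for the lookup; omit both lines if the directory
    # allows anonymous search (check with an ldapsearch that has no -D/-w).
    AuthLDAPBindDN "cn=svc-httpd,ou=People,dc=osc,dc=edu"
    AuthLDAPBindPassword "PLACEHOLDER-CHANGE-ME"

    Require valid-user
</Location>
```

Before loading this, run the equivalent ldapsearch with the same basedn and filter and confirm exactly one dn: comes back for the test user; if the count is not one, adjust the filter rather than the Require line.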