Httpd cannot require ldap-group

I notice that you have this ticket on your support page (Okta Help Center (Lightning)) discussing that the standard “Require ldap-group” syntax in httpd does not work. We are attempting to set up Apache httpd for a customer and are running into the same issue. When debug logs are enabled, we get the following in the error logs (sanitized for privacy):

[Wed Jun 28 03:16:28.361106 2023] [authnz_ldap:debug] [pid 1180986:tid 140300198569728] mod_authnz_ldap.c(571): [client] AH01691: auth_ldap authenticate: using URL ldaps://,dc=XXX,dc=okta,dc=com?uid?sub
[Wed Jun 28 03:16:31.570738 2023] [authnz_ldap:debug] [pid 1180986:tid 140300198569728] mod_authnz_ldap.c(656): [client] AH01697: auth_ldap authenticate: accepting
[Wed Jun 28 03:16:32.846413 2023] [authnz_ldap:debug] [pid 1180986:tid 140300198569728] mod_authnz_ldap.c(1313): [client] AH01719: auth_ldap authorize: require group "cn=XXX,ou=groups,dc=XXX,dc=okta,dc=com": didn't match with attr uniqueMember [Comparison complete][53 - Server is unwilling to perform]

How can we get “require ldap-group” working?

Thanks for your time.