LinuxQuestions.org - [SOLVED] Apache 2.4 mod_authnz_ldap cannot restrict authentication to specific group

Hello!
I am trying to restrict authenticated A.D. users to "Only_This_Group" OU, but instead any A.D. user can successfully login.
I am using Apache 2.4 on CentOS 7.

This is my actual (anonymised) VirtualHost config:

Code:

<VirtualHost *:443>

    ServerName  somesite.example.com

    ServerAlias somesite

    DocumentRoot /var/www/html/somesite



    ErrorLog    logs/somesite.example.com-error_log

    TransferLog logs/somesite.example.com-access_log

    CustomLog  logs/somesite.example.com-request_log "t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    LogLevel    warn



    SSLEngine      on

    SSLHonorCipherOrder on

    SSLProtocol    all -SSLv2

    SSLCipherSuite HIGH:MEDIUM:!ADH:!AECDH:-ADH-DES-CBC3-SHA:-ADH-RC4-MD5:-ADH-AES128-SHA:-ADH-AES256-SHA



    SSLCertificateFile    /etc/pki/tls/certs/example.com.crt

    SSLCertificateKeyFile /etc/pki/tls/private/example.com.key

    SSLCertificateChainFile /etc/pki/tls/certs/intermediate.example.com.crt

    SSLCACertificateFile /etc/pki/tls/certs/intermediate.example.com.crt



    <Location />

        AuthLDAPBindDN "cn=ldapuser,ou=tec,ou=accounts,DC=example,DC=com"

        AuthLDAPBindPassword "ultra_sophisticated_password"

        AuthLDAPURL "ldap://192.168.0.1 192.168.0.2/ou=employees,ou=accounts,DC=example,DC=com?sAMAccountName?sub?(objectClass=*)" NONE

        AuthLDAPBindAuthoritative On



        AuthType Basic

        AuthName "LDAP Authentication"

        AuthBasicProvider ldap

        AuthUserFile /dev/null



        Require ldap-attribute nsAccountLock!="True"

        Require ldap-group CN=Only_This_Group,OU=Dist,OU=Groups,DC=example,DC=com

        Require valid-user

    </Location>

I did try, but couldn't find the cause, why any A.D. user is successfully authenticated.
All users were double-check. They are not members of "Only_This_Group" OU.
Thanks a lot for help!