Essa configuração funcionou para mim:
<Location />
AuthType Basic
AuthName "LDAP Login"
AuthBasicProvider ldap
AuthLDAPBindDN USER@DOMAIN
AuthLDAPBindPassword PASSWORD
AuthLDAPURL ldap://IP:PORT/OU=...,DC=...,DC=...,DC=intern?uid?sub
Require ldap-group CN=...,OU=...,OU=...,OU=...,DC=...,DC=...,DC=intern
Require valid-user
</Location>
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost On
ProxyRequests Off
AllowEncodedSlashes NoDecode
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
Parece que a ordem dos comandos é relevante.