Username not being logged in access_log

[cctgteddy]

I am using Auth0 as my OIDC provider. Authentication works, authorization works (via mod_ldap)

In the vhost config

  CustomLog /data/logs/apache/access_log combined 

<Directory /data/www-root/mydomain/test>
   AuthType openid-connect
   Require ldap-user teddy
</Directory>

In httpd.conf

    LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

In auth_openidc.conf

OIDCProviderMetadataURL https://login.mydomain.ca/.well-known/openid-configuration
OIDCClientID xxxx
OIDCClientSecret 'xxxx'
OIDCScope "openid name email"
OIDCRedirectURI /secure/redirect_uri
OIDCCryptoPassphrase xxxxx
OIDCRemoteUserClaim "https://mydomain.ca/ldap_user"
OIDCSessionInactivityTimeout 7200

We recently migrated off mod_auth_cas and this went unnoticed. Apache logs the username Ok when I switch to AuthType cas or AuthType ldap.

Typically we use "require ldap-group ...." for authorization to pages and it's been working fine.

Auth0's suggestion for custom claims (in this case "ldap_user") is to prefix it with a URL style namespace which is being used in OIDCRemoteUserClaim. Is this causing an issue with Apache logging? If I remove this, authentication still works but my authorization breaks.

OS is Rocky Linux 8.10

mod_auth_oidc RPM version
mod_auth_openidc-2.4.9.4-8.module+el8.10.0+1976+99abe5eb.x86_64

httpd -V output

Server version: Apache/2.4.37 (Rocky Linux)
Server built:   Sep  8 2025 14:18:35
Server's Module Magic Number: 20120211:83
Server loaded:  APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture:   64-bit
Server MPM:     event
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

[zandbelt]

what is in the server error log wrt. remote_user with LogLevel set to auth_openidc:debug