Well, after going through some cycles of trying and giving up, I got it to work again.

As mentioned above, there is a <root>/cgi-bin/RO directory that unauthenticated users can access, and a <root>/cgi-bin/RW directory, there you can make changes,that only authenticated users should be able to access.

I got it to work by removing "Require all granted" from <root>/cgi-bin. I now only have "Require all granted" for the <root> directory, and "Require valid-user" for the <root>/cgi-bin/RW folder.

Side note: if you need to restrict access to certain AD groups, you have to use the AuthzProviderAlias construct. Putting in "Require ldap-group <group identifier>" does not work, you have to put "Require <alias>" in, where <alias> is of course the alias you defined in the AuthzProviderAlias construct.