Thanks for the suggestions, Jeff.
Strace logs didn’t help me much, but I eventually figured out what was going on: selinux!
The denials were filtered out by the default settings on EL8, but after doing semodule -DB it turned out that httpd_t was denied the net_admin capability. I just confirmed that allow httpd_t self:capability net_admin removes the delay I was seeing.
I’ll be setting up another OOD instance from scratch in a week or two, and I’ll check to see if the same problems happens, and if I can I will update this issue so others can benefit. For now I basically did:
semodule -DB
# log into a fresh session here
audit2allow -a -M ood_sudo
semodule -i ood_sudo.pp
semodule -B