I've configured AD SSO and chose "ldap lookup server" to none and everything worked fine and put all users to default role in AD SSO configuration.
Now I need to configure different user role based on user membership in AD. So I configured lookup server and add it to AD SSO server. then confiured mapping rules and put "memberof" attribute in LDAP. But it doesn't work. still all users login to the default role, and it seems LDAP lookup server and mapping rules doesn't receive memberof attribute from AD.
any suggestion would be very appreciated.