You can close this bug report. Discovered the configuration option "enumerate = true" for domain solved the issue.
It is related to LDAP schema rfc2307 (default), which support ldap group membership relation by memberUID attribute of group. In that case the enumeration needs to be enabled to get list of all LDAP groups populated into the cache. Other solution would be to use rfc2307bis schema, which support ldap group membership by user's memberOf attribute. In that case the enumeration should not be needed as the user group membership will be discovered within user information retrieval. Maybe documentation could be improved. -- Peter
