I agree with Rick that this should get documented. Perhaps, Andreas, you could log this issue as a documentation improvement in JIRA? Also, I wondered - in some recent testing I found that 'connect' permission was not sufficient, I needed "connect, resolve" to the ldapServer. Has that been your experience too?
Regards, Myrna
