I am in the process of upgrading to 10.8.  I have installed a clean environment on new Windows 2019 servers.  I am wanting to not use EEM going forward.  But, I cannot get my LDAP configuration to search for groups.  Single-user queries work.

Release : 10.8

After trying some new use cases, I determined that the group I was using for full access was not working.  Then I determined that I could get other groups to work but others would not.  So, after looking at the groups in AD I noticed that their cn name was different than the name I was using or seeing when I looked at my security groups.  Then I started messing with the realms configuration.  I have uploaded my working configurations. 

Basically, I changed groupNameAttribute to sAMAccountName from cn.  Now it can search for the group name provided by other security searches I use.  Like "net user /domain <user>", etc...

        <property name="groupNameAttribute">
            <value>sAMAccountName</value>
        </property>