Hi,
Try to query your role based on groupofuniquenames object class. This represent a group in your LDAP directory
Correction: Check you directory service configuration. If you define a User DN it should point to the base distinguished name where to find groups or users. Verify your Users & group attributes that they are correctly defined
User Attributes
User Object Class = person
User ID : cn
Last Name : sn
First Name :givenName
Full Name : cn
E-mail Address : email
Password : userpassword
Group Attributes
Group Object class should point to group,