When using the standard hub config ldap/ad gui settings we receive in a lot of cases a popup that indicate that we have too many entries in the "Group Container" filter when selecting the Test button.
This can result later that during the uim ldap sync process an error occurs with as result that no Active Directory users can login anymore.
But there are some not really well documented parameters, specially: filter_group, where you can use additional parameters to limit the search into teh Active Directory hierarchy.
Example that you can use in hub.cfg:
filter_group = (&(objectCategory=group) (cn=NIM_*))
The attached Word document tries to give a way to test, via ldp.exe, and find the most correct parameters to use to define the ldap/active directory security interface.
Note: comments are very welcome so that we can update this document.