Since you are using LDAP, there would be 2 files that are used:
authentication-providers.xml
ldap-mappings.xml
Is the new role defined in the ldap-mappings.xml file?
If not, then what ever value is defined for defaultRole in the authentication-providers.xml is what that user will get.
Can you verify the two files?