View Issue Details

ID: 0022930
Project: mantisbt
Category: authentication
View Status: public
Last Update: 2017-06-20 17:11
Reporter: mxit
Assigned To: dregad
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: no change required
Product Version: 2.4.1
Summary: 0022930: LDAP auth with check for AD Group membership only works for Mantis-native existing users
Description

Hello, we have been using Mantis for quite a long time. But until now we used basic Mantis-native authentication; now we plan to switch to LDAP (Windows AD) authentication. We managed to configure it so far, but we have a strange issue. We have the following configuration:

$g_login_method = LDAP;
$g_ldap_server = 'ldap://some-server:389';
$g_ldap_root_dn = 'DC=domain,DC=com';
$g_ldap_organization = '(objectClass=user)(memberOf=CN=MantisUser,OU=Security Groups,DC=domain,DC=com)';
$g_ldap_uid_field = 'sAMAccountName';
$g_ldap_bind_dn = 'CN=ldapuser,OU=Users,DC=domain,DC=com';
$g_ldap_bind_passwd = 'xxxxx';
$g_use_ldap_email = ON;
$g_use_ldap_realname = ON;
$g_ldap_protocol_version = 3;
$g_ldap_follow_referrals = OFF;
$g_ldap_network_timeout = 300;

So, basically we filter on objectClass user and check for membership in a specific group. But this group membership check only works with "old" users, previously created in Mantis only. With new users, which are automatically created in Mantis because they log in for the first time authenticating against AD, this filter does not work.
If I only use <$g_ldap_organization = '(objectClass=user)';> everything works fine: users not yet existing in Mantis can log in for the first time and their account is created accordingly in Mantis, based on their AD attributes (full name, password, email etc.). When I then switch to <$g_ldap_organization = '(objectClass=user)(memberOf=CN=MantisUser,OU=Security Groups,DC=domain,DC=com)';> these users cannot log in anymore. But old users, already created and used in Mantis, can still log in with these settings. Even using <$g_ldap_organization = '(memberOf=CN=MantisUser,OU=Security Groups,DC=domain,DC=com)';> only works for old existing users, but not for these users automatically created in Mantis from AD. I checked everything, so the group membership criterion really is considered (for the users which can log in).
Any idea why? Is this a bug?

Tags: No tags attached.

Activities

johgoe (reporter), 2017-05-27 08:55, note ~0056971

Hello mxit,

I guess your user does not have enough permissions to ask for the group membership in Active Directory. The search request will find all objects which match your filter, but if the g_ldap_bind_dn is not allowed to read all attributes, it's automatically a 'no match'.

Best regards
johgoe
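The following is an added example, not code from the MantisBT project or from anyone in this thread. It illustrates both the reporter's $g_ldap_organization setting and johgoe's explanation: it assembles a search filter in the shape `(&<organization>(<uid_field>=<user>))` (an assumption about how MantisBT combines the organization filter with the uid lookup; the `build_search_filter`, `matches` and `user_passes` helpers are hypothetical), then evaluates that filter against a constructed directory entry. Projecting the entry onto the attributes the bind account is allowed to read shows why a user who really is in the MantisUser group still yields "no match" when memberOf is hidden from the bind DN.

```python
"""Added example: LDAP filter assembly and evaluation against what the bind
account can read. Not code from MantisBT; the directory entries are constructed."""

# RFC 4515 escaping for values spliced into a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def ldap_escape(value: str) -> str:
    """Escape a username before placing it inside a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def ldap_unescape(value: str) -> str:
    """Reverse RFC 4515 hex escapes (\\2a -> '*') so values can be compared."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 2 < len(value):
            out.append(chr(int(value[i + 1:i + 3], 16)))
            i += 3
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def build_search_filter(organization: str, uid_field: str, username: str) -> str:
    """Assumption: the organization filter and the uid lookup are wrapped as
    (&<organization>(<uid_field>=<user>)). This mimics that shape; it is not
    copied from the MantisBT code base."""
    return f"(&{organization}({uid_field}={ldap_escape(username)}))"


def parse_filter(text: str):
    """Parse the RFC 4515 subset used here: (&...), (|...), (attr=value)."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"unexpected trailing text at offset {pos}")
    return node


def _parse(text, pos):
    if pos >= len(text) or text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if pos < len(text) and text[pos] in "&|":
        op, pos, children = text[pos], pos + 1, []
        while pos < len(text) and text[pos] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        if pos >= len(text) or text[pos] != ")":
            raise ValueError(f"unbalanced filter near offset {pos}")
        return (op, children), pos + 1
    end = text.find(")", pos)
    if end < 0 or "=" not in text[pos:end]:
        raise ValueError(f"bad equality clause near offset {pos}")
    attr, value = text[pos:end].split("=", 1)
    return ("=", attr, ldap_unescape(value)), end + 1


def matches(node, entry) -> bool:
    """Evaluate a parsed filter against an entry (lowercase attr -> values).
    An attribute the bind account cannot read is absent from what the server
    evaluates, so every equality test on it fails and the AND collapses to
    no match, even if the user really is a member of the group."""
    op = node[0]
    if op == "&":
        return all(matches(c, entry) for c in node[1])
    if op == "|":
        return any(matches(c, entry) for c in node[1])
    _, attr, wanted = node
    values = entry.get(attr.lower(), [])  # attribute names are case-insensitive
    return any(v.lower() == wanted.lower() for v in values)


def visible_entry(entry, readable_attrs):
    """Project an entry onto the attributes the bind DN is permitted to read."""
    allowed = {a.lower() for a in readable_attrs}
    return {k.lower(): v for k, v in entry.items() if k.lower() in allowed}


def user_passes(entry, readable_attrs, organization, uid_field, username) -> bool:
    """Does the user match the combined filter, given what the bind DN can see?"""
    flt = parse_filter(build_search_filter(organization, uid_field, username))
    return matches(flt, visible_entry(entry, readable_attrs))


# Constructed sample entries (not real directory data).
GROUP_DN = "CN=MantisUser,OU=Security Groups,DC=domain,DC=com"
ORGANIZATION = f"(objectClass=user)(memberOf={GROUP_DN})"
ALICE = {  # in the MantisUser group
    "objectClass": ["top", "person", "organizationalPerson", "user"],
    "sAMAccountName": ["alice"],
    "mail": ["alice@domain.com"],
    "memberOf": [GROUP_DN],
}
BOB = {  # valid AD user, but not in the MantisUser group
    "objectClass": ["top", "person", "organizationalPerson", "user"],
    "sAMAccountName": ["bob"],
    "mail": ["bob@domain.com"],
}
ALL_ATTRS = ["objectClass", "sAMAccountName", "mail", "memberOf"]
NO_GROUPS = ["objectClass", "sAMAccountName", "mail"]  # memberOf hidden by ACL

if __name__ == "__main__":
    print(build_search_filter(ORGANIZATION, "sAMAccountName", "alice"))
    print("alice, full read:     ", user_passes(ALICE, ALL_ATTRS, ORGANIZATION, "sAMAccountName", "alice"))
    print("alice, memberOf hidden:", user_passes(ALICE, NO_GROUPS, ORGANIZATION, "sAMAccountName", "alice"))
    print("bob, full read:       ", user_passes(BOB, ALL_ATTRS, ORGANIZATION, "sAMAccountName", "bob"))
```

The useful check in practice is the second case: the same user, the same filter, and only the bind account's read permission on memberOf differs, yet the result flips from a match to "no match". A bind account that can read the user object but not its group attributes therefore looks, from the application's side, exactly like a user who is not in the group.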

dregad (developer), 2017-05-28 05:36, note ~0056977

When using LDAP, users are auto-created[1] if authentication is successful; try setting $g_log_level = LOG_LDAP; to understand what happens in ldap_authenticate_by_username()

atrol (developer), 2017-06-07 03:05, note ~0057036

mxit,

You did not provide any feedback; I am therefore resolving this issue as "no change required".

Feel free to reopen the issue at a later time and provide the requested information.