Auth problem is fixed, service account DN used the email only, changed to the full DN worked. Cannot get group assignment to work, ideas?