LDAP configuration to filter app access by group


We are trying to to set a shinyproxy server with LDAP security and two apps with different access-groups configured. The users added to the LDAP server can login to the server. However, the group filter is not working correctly, since all the users have the same permissions when they log in to the server. This is the how we configured the ldap part in our shinyproxy:

url: ldap://ourIP:389/dc=ourdomain,dc=com
manager-dn: cn=admin,dc=ourdomain,dc=com
manager-password: ++++++++
group-search-base: ou=Groups
group-search-filter: (|(cn=admingroup)(cn=nonadmingroup))
user-search-base: ou=People
user-search-filter: uid={0}

There is a similar question (Ldap configuration for Admin & Nonadmin groups) in this forum without a valid answer.

Maybe I don’t understand the issue but here is the way I do it.
In the spec section of the application.yml file, you can add an access-group key to each app and list the LDAP groups that are authorized to view/use the app, e.g.:

  - name: euler
    display-name: "Euler's number"
    description: Adding another app to shinyproxy
    docker-cmd: ["R", "-e shiny::runApp('/root/euler')"]
    docker-image: openanalytics/shinyproxy-template
    access-groups: ['scientists', 'admins']

With this, my ldap section is just:

  - ldap:
    url: ldap://ldap.domain.url:389/dc=domain,dc=org
    user-search-filter: uid={0}
    group-search-filter: (uniqueMember={0})