I'm sure (pretty sure) I had this working before upgrading to version 6 , however my LDAP browser is not working the way I thought.
So, I've created a security group in AD, to which I've added 1 user (me)
I've setup my LDAP browser and the syntax is all good. When I run the "test" it confirms it finds 1 user.
The LDAP browser is then assigned to an Label - however once imported , the label assigns its self to all my users on the KBOX , rather that the person just in the group.
Hope Im making sense. Acutal syntax of my ldap label : (&(memberof=CN=App.MicrosoftVisioViewer2013,OU=Applications,OU=GROUP,OU=GXP1E,DC=MYDOMAIN,DC=com)(samaccountname=KBOX_USER))