Authenticating LDAP with AD group

Hello all.

I have the goal of only allowing LDAP authentication for users assigned to a specific group in my AD. I was able to authenticate perfectly with a bind account that just lists all users.

I have read the documentation which states.

Tip: If you want to limit access to the nested members of an Active Directory group you can use the following syntax:
(memberOf=CN=My Group,DC=Example,DC=com)

Here is my current configuration. I verified the password is 100% correct. “company” is a placeholder. Is my bind_dn string just not correct?

gitlab_rails['ldap_enabled'] = true
 gitlab_rails['ldap_servers'] = YAML.load <<-EOS # remember to close this block with 'EOS' below
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'ActiveDirectory'
     host: ''
     port: '636'
     uid: 'sAMAccountName'
     method: 'ssl' # "tls" or "ssl" or "plain"
     bind_dn: 'memberOf=CN=LDAPGitlab,DC=company,DC=com'
     password: 'redacted'
     active_directory: true
     allow_username_or_email_login: false
     block_auto_created_users: true
     base: 'DC=company,DC=com'
     user_filter: ' '

The problem is when I run gitlab-rake gitlab:ldap:check It comes back with the error message.

`Checking LDAP …

Server: ldapmain
LDAP authentication… Failed. Check bind_dn and password configuration values
LDAP users with access to your GitLab server (only showing the first 100 results)

Checking LDAP … Finished`

Thank you for taking a look.