Group sync, group mapping issues with FreeIPA as external AAA source

Hello
1. I have an issue with group sync and group mapping with FreeIPA as an external AAA source.
Unable to enumerate groups and users.
2. Current Config
FreeIPA ver 4.10.0
GitLab Enterprise Edition 15.7.3-ee with Trial License
gitlab-rake gitlab:ldap:check
	root@server08:/home/vitalii.mikhno# gitlab-rake gitlab:ldap:check
	Checking LDAP ...
	LDAP: ... Server: ldapmain
	not verifying SSL hostname of LDAPS server 'ipa01.udaff.studio:636'
	LDAP authentication... Success
	LDAP users with access to your GitLab server (only showing the first 100 results)
show users

gitlab-rake gitlab:ldap:group_sync
	LDAP GroupSync is enabled.
	Starting GroupSync...
	not verifying SSL hostname of LDAPS server 'ipa01.udaff.studio:636'
	Finished GroupSync.

The groups 'gitlab_users' and 'gitlab_admins' have been created.
Gitlab admins are included in the groups 'gitlab_users' and 'gitlab_admins'.
Ordinary Gitlab users are included in 'gitlab_users' only.

Part of the Gitlab server config is below:
	###! remember to close this block with 'EOS' below
	gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
	  main: # 'main' is the GitLab 'provider ID' of this LDAP server
	    label: 'UDAFF.STUDIO'
	    host: 'ipa01.udaff.studio'
	    port: 636
	    uid: 'uid'
	    bind_dn: 'uid=ldapuser,cn=users,cn=accounts,dc=udaff,dc=studio'
	    password: 'password'
	    encryption: 'simple_tls' # "start_tls" or "simple_tls" or "plain"
	    timeout: 60
	    verify_certificates: false
	    smartcard_auth: false
	    active_directory: false
	    allow_username_or_email_login: false
	    lowercase_usernames: false
	    block_auto_created_users: false
	    base: 'cn=accounts,dc=udaff,dc=studio'
	    user_filter: '(objectClass=person)' # for personal use
	    ## EE only
	    group_base: 'cn=groups,cn=accounts,dc=udaff,dc=studio'
	    admin_group: 'gitlab_admins'
	    sync_ssh_keys: 'ipaSshPubKey'
	    attributes:
	      username: ['uid']
	      email: ['mail']
	      name: 'displayName'
	      first_name: 'givenName'
	      last_name: 'sn'
	EOS

  1. Steps to reproduce problem
    2.1 Create ‘user1’ in FreeIPA, add to ‘gitlab_users’ group
    2.2 Reset ‘user1’ password via FreeIPA web-interface login
    2.3 Log in to Gitlab server as ‘user1’
    2.4 Log in to Gitlab server as another user from FreeIPA domain with admin privileges
    The ‘user1’ can get admin rights if I add it to the gitlab_users group (i.e. user sync and user membership sync are working)
    2.5 User shown in Gitlab GUI
    2.5 Cannot find any other user or group in Admin GUI (find user). Any group, any user