LDAP backend roles (Authz) not working

@denkar In your outputs you’ll notice that the backend_roles array is empty. This should contain all the groups assigned to the user in the IdP (OpenLDAP).

When you look at the OpenLDAP logs you’ll find a line similar to this one:

conn=1234 op=2 SRCH base="ou=groups,dc=example,dc=org" scope=2 deref=3 filter="(member=cn=user1,ou=users,dc=example,dc=org)"

This is how OpenLDAP searches for a user in each group. I’m not sure if this is configurable.

Looking at your screenshot I assume that you’ve set memberUid as I did the first time.
Instead of typing the user’s full DN you’ve just typed the user’s CN.
Since the filter uses the full DN to search for members in the group, the result will be empty.

I’ve fixed that by adding the user’s DN as memberUid.

I hope this will help.

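To make the matching rule concrete, here is an added example (editor's illustration, not code from the poster or from OpenLDAP or the security plugin). It parses a few constructed LDIF group entries and evaluates an equality filter such as `(member=cn=user1,ou=users,dc=example,dc=org)` against them with a simplified `distinguishedNameMatch` (case-insensitive, spaces around commas ignored). The point it shows: the server compares the whole attribute value with the whole user DN, so a group whose `memberUid` holds only `user1` never matches a full-DN filter, while a group that holds the full DN in the searched attribute does. The `{0}` placeholder in `backend_roles` mirrors the `rolesearch` filter template used by the OpenSearch/Open Distro security plugin's LDAP authz config, where `{0}` is replaced with the authenticated user's DN; the group data, base DN and function names are constructed for the example.

```python
"""
Offline model of an LDAP role search: parse a few group entries from LDIF
and evaluate an equality filter (<attr>=<user DN>) against them, the way the
directory server does for the security plugin's rolesearch.
Sample data is constructed for this example, not taken from the thread.
"""
import re
from typing import Dict, List

# Constructed LDIF: 'developers' stores the bare cn in memberUid (the mistake
# discussed above), 'admins' stores full DNs in member (groupOfNames style),
# 'auditors' stores the full DN in memberUid (the poster's workaround).
SAMPLE_LDIF = """\
dn: cn=developers,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: developers
memberUid: user1

dn: cn=admins,ou=groups,dc=example,dc=org
objectClass: groupOfNames
cn: admins
member: cn=user1,ou=users,dc=example,dc=org
member: cn=user2,ou=users,dc=example,dc=org

dn: cn=auditors,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: auditors
memberUid: CN=User1, OU=users, DC=example, DC=org
"""


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse simple (unfolded, non-base64) LDIF into {attr: [values]} dicts."""
    entries: List[Dict[str, List[str]]] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry: Dict[str, List[str]] = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries


def normalize_dn(dn: str) -> str:
    """Approximate distinguishedNameMatch: split on unescaped commas, trim
    whitespace around each RDN and compare case-insensitively (cn, ou and dc
    are caseIgnore attributes). A bare 'user1' stays 'user1' and so can never
    equal a normalized full DN."""
    parts = re.split(r"(?<!\\),", dn)
    return ",".join(p.strip().lower() for p in parts)


def role_search(entries: List[Dict[str, List[str]]], role_base: str,
                attr: str, user_dn: str) -> List[str]:
    """Result of filter (<attr>=<user_dn>) with scope=sub under role_base:
    the cn of every group whose <attr> holds a value equal to user_dn."""
    wanted = normalize_dn(user_dn)
    base = normalize_dn(role_base)
    roles: List[str] = []
    for entry in entries:
        dn = normalize_dn(entry.get("dn", [""])[0])
        if dn != base and not dn.endswith("," + base):
            continue  # outside the search base
        values = entry.get(attr.lower(), [])
        if any(normalize_dn(v) == wanted for v in values):
            roles.extend(entry.get("cn", []))
    return roles


def backend_roles(entries: List[Dict[str, List[str]]], role_base: str,
                  rolesearch: str, user_dn: str) -> List[str]:
    """Expand a rolesearch template like '(member={0})' with the user DN and
    run it. Only single equality filters are modelled here (assumption)."""
    m = re.fullmatch(r"\((\w+)=\{0\}\)", rolesearch)
    if not m:
        raise ValueError("only '(<attr>={0})' templates are supported here")
    return role_search(entries, role_base, m.group(1), user_dn)


if __name__ == "__main__":
    groups = parse_ldif(SAMPLE_LDIF)
    user = "cn=user1,ou=users,dc=example,dc=org"
    base = "ou=groups,dc=example,dc=org"
    print("(member={0})    ->", backend_roles(groups, base, "(member={0})", user))
    print("(memberUid={0}) ->", backend_roles(groups, base, "(memberUid={0})", user))
```

Against a real directory the same check is `ldapsearch -x -b "ou=groups,dc=example,dc=org" "(member=cn=user1,ou=users,dc=example,dc=org)"`: if it returns no entries, the security plugin's backend_roles will be empty too, regardless of what the Discover UI or the authinfo endpoint shows. Note that `memberUid` is defined for `posixGroup` and normally carries uid values, while `member` on `groupOfNames` carries DNs; putting a DN into `memberUid` works only because the filter compares strings, so the cleaner fix is to make the filter's attribute and the group's attribute agree.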