LDAP roles not assigned to users after migration from 3.1 to 4.1

Issue: LDAP roles not assigned to users after migration from 3.1 to 4.1

Cause:

Assumption: Groups might not added before migration.

Detailed background of issue:

Assume migrated 3.1 objects to 4.1 (New system).

LDAP groups are not syncing for all our users unless I manually re-create their LDAP alias.  But aliases assigned to all users successfully. For example, <User> has a valid LDAP alias, shown here in the Properties section of his user profile:

However, when we look at Member Of, his Information Technology LDAP group does not appear:

Actual assigned LDAP group should show as below. As of now we are deleting alias –> recreating Enterprise alias –> deleting enterprise alias and finally –> Re-creating LDAP group alias.

Update groups and users with alias option is not working using on-demand option.

Resolution:

• Try with on-demand option as this is worked for me in Development environment.
• Remove LDAP groups and add again in CMC LDAP configuration.