Thanks. 1. One issue that I could get past was to change the objectClass of the the LDAP groups from groupOfNames to groupOfUniqueNames. That triggered the LDAPEntryResolver to recognize the LDAP group. { Why is that ?? }2. After that when I login , strangely, the group is still not created , but ...