We were having a similar situation in our environment and the issue ended up being that the group in question lived in an Active Directory branch outside the defined groupBaseDN value. Once we added that branch to the groupBaseDN filter, access worked like a champ.
Original Value:
groupBaseDN = OU=Server_Groups,DC=Enterprise,DC=MyDomain,DC=com
Updated Value:
groupBaseDN = OU=Server_Groups,DC=Enterprise,DC=MyDomain,DC=com;OU=Access_Groups,DC=Enterprise,DC=MyDomain,DC=com
... View more