How to provide access privileges to LDAP users

I have 2 users (sssd_pb and sssd_qns) in LDAP as below

LDAP URL : ldaps://ldap_l.cisco.com:10648/uid=sssd_pb,ou=users,dc=sprint,dc=com?hasSubordinates,objectClass?one?(objectClass=*)

command line : ldapsearch -H ldaps://ldap_l.cisco.com:10648 -x -D "uid=admin,ou=system" -W -b "uid=sssd_pb,ou=users,dc=sprint,dc=com" -s one -a always -z 1000 "(objectClass=*)" "hasSubordinates" "objectClass"

baseObject : uid=sssd_pb,ou=users,dc=sprint,dc=com

filter : (objectClass=*)

attributes : hasSubordinates objectClass

LDAP URL : ldaps://ldap_l.cisco.com:10648/uid=sssd_qns,ou=users,dc=sprint,dc=com?hasSubordinates,objectClass?one?(objectClass=*)

command line : ldapsearch -H ldaps://ldap_l.cisco.com:10648 -x -D "uid=admin,ou=system" -W -b "uid=sssd_qns,ou=users,dc=sprint,dc=com" -s one -a always -z 1000 "(objectClass=*)" "hasSubordinates" "objectClass"

baseObject : uid=sssd_qns,ou=users,dc=sprint,dc=com

filter : (objectClass=*)

attributes : hasSubordinates objectClass

I want to grant Admin access to sssd_pb and Viewer access to sssd_qns.
May I know what the values should be for ‘group_search_filter’, ‘group_search_base_dns’ and ‘[[servers.group_mappings]]’ in ldap.toml?

I do not have ‘ou=groups’ in LDAP. Is it mandatory for my requirement?

I have fixed this. There was a problem in my LDAP entries.
After assigning groups correctly to users, it started working fine.
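For readers landing on this thread with the same question, here is an ldap.toml fragment for the setup described above. It is an added illustration, not the original poster's configuration and not copied from Grafana's documentation. The host, port, bind DN and user base DN come from the question; everything else is an assumption: the group entries are taken to be objectClass groupOfNames under a constructed base ou=groups,dc=sprint,dc=com, the group names cn=grafana-admins and cn=grafana-viewers are made up, and search_filter and bind_password are placeholders.

```toml
# Added example ldap.toml for Grafana (assumptions marked inline).
[[servers]]
# Host, port and bind DN as shown in the question's ldapsearch command.
host = "ldap_l.cisco.com"
port = 10648
use_ssl = true           # ldaps:// URL in the question
start_tls = false
ssl_skip_verify = false  # keep certificate verification on
bind_dn = "uid=admin,ou=system"
bind_password = "REPLACE_WITH_BIND_PASSWORD"   # placeholder, not from the post

# How Grafana finds the user entry at login time.
# %s is replaced with the login name; uid matches the question's entries.
search_filter = "(uid=%s)"                        # assumption
search_base_dns = ["ou=users,dc=sprint,dc=com"]   # parent of the two user DNs

# Group lookup: find groupOfNames entries whose member attribute holds
# the user's DN. Both the base and the objectClass are assumptions.
group_search_filter = "(&(objectClass=groupOfNames)(member=%s))"
group_search_filter_user_attribute = "dn"
group_search_base_dns = ["ou=groups,dc=sprint,dc=com"]

[servers.attributes]
name = "givenName"
surname = "sn"
username = "uid"
member_of = "memberOf"
email = "mail"

# Each mapping's group_dn must equal the DN of a group the lookup above
# returns for the user; the first matching mapping decides the role.
[[servers.group_mappings]]
group_dn = "cn=grafana-admins,ou=groups,dc=sprint,dc=com"   # constructed
org_role = "Admin"

[[servers.group_mappings]]
group_dn = "cn=grafana-viewers,ou=groups,dc=sprint,dc=com"  # constructed
org_role = "Viewer"
```

With this file, sssd_pb would need to be listed as a member of the admins group entry and sssd_qns as a member of the viewers group entry; a user who matches no mapping gets no role, which is the symptom to check first when login succeeds but the dashboard is empty. If the directory already exposes a memberOf attribute on user entries, the group_search_* keys can be left unset and Grafana compares group_dn against the values of member_of instead, so a dedicated ou=groups is not strictly required for the mapping itself.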