mod_shared_roster_ldap

Hi, everyone

I'm trying to setup mod_shared_roster_ldap

the config I am using:

{mod_shared_roster_ldap,[
{ldap_servers, ["10.0.1.80"]},
{ldap_rootdn, "CN=ldapbind,CN=Users,DC=my,DC=domain"},
{ldap_password, "P@ssw0rd"},
%%{ldap_auth_check, "off"},
{ldap_base, "CN=Users,DC=my,DC=domain"},

{ldap_rfilter, "(objectClass=group)"},
{ldap_filter, ""},
{ldap_gfilter, "(&(objectClass=group)(cn=%g))"},
{ldap_groupdesc, "name"},
{ldap_memberattr, "member"},
{ldap_memberattr_format, "cn=%u,cn=Users,dc=my,dc=domain"},
{ldap_ufilter, "(&(objectClass=user)(cn=%u))"},
{ldap_userdesc, "displayName"}

]}

this was made using an example from official documentation "Deep DIT"

We are using Active Directory where we have 2 groups: "CN=social,CN=Users,DC=my,DC=domain" and "CN=Отдел разработки ПО,CN=Users,DC=my,DC=domain"

each group has a number of members, which are written in attributes (in these groups) "member"

and nothing appears in roster(((((

Also I tried to use Flat DIT example from documentation

with the following config:

{mod_shared_roster_ldap,[
{ldap_servers, ["10.0.1.80"]},
{ldap_rootdn, "CN=ldapbind,CN=Users,DC=my,DC=domain"},
{ldap_password, "P@ssw0rd"},
%%{ldap_auth_check, "off"},
{ldap_base, "CN=Users,DC=my,DC=domain"},

{ldap_rfilter, "(objectClass=user)"},
{ldap_groupattr, "department"},
{ldap_memberattr, "sAMAccountName"},
{ldap_filter, "(objectClass=user)"},
{ldap_userdesc, "displayName"}

]}

as I understand - ejabberd here should search AD for items "user" and then watch for "department" (which would be our roster groups), connecting rosteritems with accounts in AD by "sAMAccountName"

and still nothing happend(((

I should also say that we use custom external auth script, but I doubt it might be a problem

Please help!!