Hi,
We’re still at very early days in setting up LDAP role management inside Ignition. Its one of those things that our developers have been wishing for for years but we hadn’t gotten around to looking at until now.
We need to get it working in over SSL to comply with new security requirements before we roll it out production-ready…
But the few tests we’ve done show that is is doable, as long as you’re not scared of LDAP filters 
Example of our user list filter, which finds all users directly or indirectly (via nesting) members of the “Global_Group_IGNITION_USERS” :
(&(objectClass=user)(!(objectClass=computer))(memberOf:1.2.840.113556.1.4.1941:=CN=Global_Group_IGNITION_USERS,OU=IGNITION,OU=WHATEVER,DC=subdomain,DC=domain,DC=int))
and the user search base : DC=domain,DC=int
for the domain controller, i’m setting the domain name itself, as DNS takes over and supplies the ‘closest’ DC based on sites & services topology (in theory)