LDAP/AD User Lookup - Member of an AD user group

[fmbstreve]

Hello,

I am fairly new to Cognos and I have been wracking my brain to figure out how to lock down LDAP/AD authentication to only AD users who are a member of a particular AD user group.

For example:
The user group is called COGNOS, under the OU of User Groups
The two users are Joe Smith and Mary Jones

I cannot figure out what to put in the user lookup of the LDAP configuration to

The LDAP query is:
(&(objectCategory=person)(memberOf=cn=COGNOS,ou=User Groups,dc=domain,dc=com))
that query gives me the cn results of the user names.

When I test, the login fails...
['LDAP']
[ ERROR ] CAM-AAA-0055 User input is required.
[ ERROR ] CAM-AAA-0036 Unable to authenticate because the credentials are invalid.
[ ERROR ] CAM-AAA-0125 The user 'Joe Smith' does not exist in this namespace.

I am thinking I need to add the ${userID} somewhere in there, but cannot figure our where.

All help would be appreciated!!