Unsuccessful configuring LDAP authentication

[mvassli]

I work for a large company which is organized into several subsidiaries. Each subsidary has its own organization unit RDN.

E.g.
OU=Users,OU=Sub1,OU=Customers,DC=dnb1,DC=bank1,DC=no
OU=Users,OU=Sub2,OU=Customers,DC=dnb1,DC=bank1,DC=no

So far i have the following ldap configuratiion. This allows me as an employee of OU=Sub1 to successfully log in. Employees of Sub2 will however not be able to log in. I am attempting to rewrite my ldap config allowing employees from both sub1 and sub2 to log in.

apiVersion: v1
kind: ConfigMap
metadata:
  name: kafka-ui-map
data:
    config-location: "/etc/config/config.yaml"
    config.yaml: |-
      kafka:
        clusters:
          ...
      auth:
        type: "ldap"
      spring:
        ldap:
          urls: "ldaps://myorgldap.no:636"
          base: "CN={0},OU=Users,OU=Sub1,OU=Customers,DC=dnb1,DC=bank1,DC=no" 
          admin-user: ""
          admin-password: ""
          user-filter-search-base: ""
          user-filter-search-filter: ""
          #group-filter-search-base: "" #TODO allow rbac
      management:
        health:
          ldap:
            enabled: false
      #rbac: #TODO

I am aware that my base configuration is wrong. My understanding is that any of namingContexts or defaultNamingContext can be used as base

ldapsearch -b "" -h myorgldap.no -s base * +

...
namingContexts: DC=dnb1,DC=bank1,DC=no
namingContexts: CN=Configuration,DC=dnb1,DC=bank1,DC=no
namingContexts: CN=Schema,CN=Configuration,DC=dnb1,DC=bank1,DC=no
namingContexts: DC=ForestDnsZones,DC=dnb1,DC=bank1,DC=no
namingContexts: DC=DomainDnsZones,DC=dnb1,DC=bank1,DC=no
defaultNamingContext: DC=dnb1,DC=bank1,DC=no

I tried rewriting my ldap multiple ways, latest attempt was this

spring:
  ldap: 
    urls: "ldaps://myorgldap.no"
    base: "DC=dnb1,DC=bank1,DC=no"
    admin-user: ""
    admin-password: ""
    user-filter-search-base: "OU=Customers DC=dnb1,DC=bank1,DC=no"
    user-filter-search-filter: "(&(sAMAccountName={0})(|(OU=Users,OU=Sub1,OU=Customers)(OU=Users,OU=Sub2,OU=Customers)))" #also tried with CN={0} instead of sAMAccountName

However I always get the same errors Authentication failed: Uncategorized exception occured during LDAP processing or in this case
Authentication failed: Bad Credentials

2023-09-13 19:10:42,116 DEBUG [boundedElastic-1] o.s.s.l.a.BindAuthenticator: Failed to bind with any user DNs [DC=dnb1,DC=bank1,DC=no]
2023-09-13T19:10:42.131165651Z 2023-09-13 19:10:42,130 DEBUG [boundedElastic-1] o.s.l.c.s.AbstractContextSource: Got Ldap context on server 'ldaps://myorgldap.no:636'
2023-09-13T19:10:42.135612385Z 2023-09-13 19:10:42,135 DEBUG [boundedElastic-1] o.s.s.w.s.a.AuthenticationWebFilter: Authentication failed: Bad credentials

My apologies if this is more of an ldap question than anything, however I have struggeled with this issue for hours... My knowledge of ldap is also not great. Any pointers to relevant documentation that can assist me resolving this problem will be much appreciated!

Many thanks