Device LDAP Authenticable using group within cn?

Im trying to set up a Devise Authenticable LDAP login system. Right now, I can get it to work using all users. However, i would like to only use users within a certain group. To illustrate, as of now, using all users, the code looks like this:

production:
  host: my.host.domain.com
  port: 389
  attribute: AccountName
  base: cn=users,dc=my,dc=con,dc=to,dc=host
  admin_user: adminuser
  admin_password: password
  ssl: false

So the following is the code i wrote to make it only work within the group "demo2" located within users. However, now it doesnt work with ANY user... Any suggestions?

 production:
  hos开发者_开发问答t: my.host.domain.com
  port: 389
  attribute: AccountName
  base: cn=demo2,cn=users,dc=my,dc=con,dc=to,dc=host
  admin_user: adminuser
  admin_password: password
  ssl: false

I believe you want to use required_groups in your ldap.yml. If you look at the template file you can see the example:

group_base: ou=groups,dc=test,dc=com
## Requires config.ldap_check_group_membership in devise.rb be true
  # Can have multiple values, must match all to be authorized required_groups:
  # If only a group name is given, membership will be checked against "uniqueMember"
  - cn=admins,ou=groups,dc=test,dc=com