Authentication should not be successful if request returns an ambiguous result for the user
1. set up IDM to recon users and groups from AD
2. configure AD provisioner file such that baseContexts overlapped, example
3. log in with "Administrator" - DN = CN=Administrator,CN=Users,DC=internal,DC=test3,DC=forgerock,DC=com
authentication fails and user not logged in
felix console shows
but user is logged in with default role "internal/role/openidm-authorized"