I understand your requirement as you need two sets of uses to be authenticated via LDAP for AMP usage with different autherization i.e.
admin, and monitor only.
You will need to setup your LDAP in such a way that each autherized DN returns an attribute that matches with the role defined on AMP (with exact case matching)
say DN cn=nms_admin,cn=users,dc=domain,dc=com is to be autherized as admin on airwave, then
1) ensure that one of the attributes say 'AmpRole' has value 'Admin' configured in LDAP for this DN.
2) while doing LDAP configuration provide 'Role Attribute:' as 'AmpRole'
similaryly
say DN cn=nms_helpdesk,cn=users,dc=domain,dc=com is to be autherized as 'Read-Only Monitoring & Auditing' on airwave, then
1) ensure that one of the attributes say 'AmpRole' has value 'Read-Only Monitoring & Auditing' configured in LDAP for this DN.
2) while doing LDAP configuration provide 'Role Attribute:' as 'AmpRole'
Hope this helps.
Ava.