Hi
Thanks for all the help!
First of all: PAP was enabled.
Second: The alarm was related to the use of LDAP over SSL and Failed to verify server certs. I didn't really think that it had anything to do with this, but to get rid of the alert I changed the ldap settings back to clear-text ldap.
And then for the good news: I got it to work by adding multiple profiles witch sets the admin_priviliges to the correct role based on the memberof attribute from AD.
So mission accomplished.
But whats bugging me is, why doesn't memberof work with the operator translation rules in CP Guest? It seems so easy, but it just doesn't work...