The LDAP group must be tied to an ACL that is not an account ACL.
Account users can not generate reports only NMS users.
that may be were you are running into a problem.
The reason for this is that the report generation lets you see all data.
Hope this helps