The Active Directory, LDAP, or NIS group name can be specified only with the domain or nsswitch authentication method and ontapi and ssh application. (Ref: http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.pow-adm-auth-rbac%2FGUID-0DB65B04-71DB-43F4-9A0F-850C93C4896C.html)
Since the OCSM is configured internally, they can authenticate the users internally.Change the authentication method to internal.
Also refer a similar discussion: http://community.netapp.com/t5/Network-Storage-Protocols-Discussions/When-to-use-security-admin-authentication-internal-or-nsswitch/m-p/112545#M8074
Live Chat, Watch Parties, and More!
Engage digitally throughout the sales process, from product discovery to conﬁguration, and handle all your post-purchase needs.