AD/LDAP Auth on rSeries F5-OS

AD/LDAP auth on F5-OS seems unnecessarily complicated compared to how TMOS handles it. Does anyone have this working in their environment? If so, can you explain which attributes are created (F5-F5OS-UID, F5-F5OS-GID, uidNumber, gidNumber, etc.) and if they are applied directly to the AD user and/or AD group?

The config guide mentions that F5-F5OS-GID is the only required attribute (F5-F5OS-UID defaults to 1001). It's not clear to me if this attribute must be added directly to the user account or if it can be created in an AD group that the user is a member of.

Then there is a Solution Article that says LDAP requires the user have a uidNumber and gidNumber. The AD group must have a gidNumber that corresponds to the associated group ID of the F5 system role. They provide an example of a AD user and AD group showing uidNumber and gidNumber, but there is no reference to F5-F5OS-GID.