Hi Yasmena,
Basically you can use the same configuration for an LDAP authentication server as an LDAP lookup servr - the differences are that one is used for authentication (which you are already doing by using AD SSO) and one is for mapping purposes. So, if you're having problems with the mapping portion, you can duplicate the LDAP server and mappings as an authentication server, and then use the Auth Test to see what you're being mapped to.
Thanks,
Lauren