So, I tried to start again from scratch with the ADIR permissions/accounts:

1) Delete the current AD application data source --> OK
2) Create new application data source --> OK
3) Add AD account collector with default value --> OK
4) Collect & publish --> get new accounts for AD users that are mapped with Identities --> OK
5) Add AD permission collector with default value --> OK
6) Collect & publish again --> get new permissions for group membership of AD account --> OK
7) All identities from AD Identity source are mapped with AD account (same source) and get permissions (AD group) and also groups (same AD group).

This looks OK. Now I'm going to configure and test the LDAP fulfillment.