Do you see the groups on FortiAuthenticator itself? You should be able to see the logins under Monitor > SSO > SSO sessions.
If the groups are present there, then the issue is with either FAC not sending the group information for whatever reason, or FortiGate not parsing it.
If the group information is NOT present in the FAC SSO session list, then the issue is with FAC/LDAP group lookup somewhere.
If you haven't done so already, you could create a FortiGate Filtering rule for that specific FortiGate in FAC and set the corresponding LDAP groups as the filter; sometimes FAC and/or FortiGate will only take group information into account if it is actively filtered for.
You might want to edit the FSSO Connector on FortiGate and hit 'apply&refresh' on it to fetch the group filter settings from FortiAuthenticator (set the group filter location to Collector Agent/FAC, and FortiGate will adopt the filters set in the FortiGate filtering rule).
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++