I do agree. That should never happen, but indeed is happening. I think is a bug
I took a tcpdump network capture, and I can clearly see how the Gluu server is asking the OpenLDAP server for admin group membership:
10.1.65.70 10.1.65.189 LDAP 222 searchRequest(3) "ou=people,o=@!50AA.FB61.AB71.8E2F!0001!4792.066E,o=gluu" wholeSubtree
Clearly, this is the reason why I don't see the admin dashboard when login.
To summarize, this is a default installation in which I only configured the Cache Refresh, added an external LDAP user to the gluuManager group in the internal LDAP and changed the Authentication to use the external LDAP. Nothing else has been changed from the default installation.