diff --git a/README.md b/README.md
index 31e6670..827d98e 100644
--- a/README.md
+++ b/README.md
@@ -107,9 +107,9 @@ When `AUTHELIA_ENABLED=true`, the app trusts Authelia headers:
 - `Remote-Name`: Display name
 - `Remote-Groups`: Comma-separated group list
 
-Group mapping:
-- `parking-admins` → admin role
-- `parking-managers` → manager role
+Group mapping (follows lldap naming convention):
+- `parking_admins` → admin role
+- `managers` → manager role
 - Others → employee role
 
 ## User Roles
diff --git a/app/config.py b/app/config.py
index ab661d1..3049206 100644
--- a/app/config.py
+++ b/app/config.py
@@ -28,9 +28,9 @@ AUTHELIA_HEADER_USER = os.getenv("AUTHELIA_HEADER_USER", "Remote-User")
 AUTHELIA_HEADER_NAME = os.getenv("AUTHELIA_HEADER_NAME", "Remote-Name")
 AUTHELIA_HEADER_EMAIL = os.getenv("AUTHELIA_HEADER_EMAIL", "Remote-Email")
 AUTHELIA_HEADER_GROUPS = os.getenv("AUTHELIA_HEADER_GROUPS", "Remote-Groups")
-# Group to role mapping
-AUTHELIA_ADMIN_GROUP = os.getenv("AUTHELIA_ADMIN_GROUP", "parking-admins")
-AUTHELIA_MANAGER_GROUP = os.getenv("AUTHELIA_MANAGER_GROUP", "parking-managers")
+# Group to role mapping (follows lldap naming convention)
+AUTHELIA_ADMIN_GROUP = os.getenv("AUTHELIA_ADMIN_GROUP", "parking_admins")
+AUTHELIA_MANAGER_GROUP = os.getenv("AUTHELIA_MANAGER_GROUP", "managers")
 
 # Email (optional)
 SMTP_HOST = os.getenv("SMTP_HOST", "")
diff --git a/deploy/DEPLOY.md b/deploy/DEPLOY.md
index d2eb6e4..565aa7f 100644
--- a/deploy/DEPLOY.md
+++ b/deploy/DEPLOY.md
@@ -95,9 +95,9 @@ parking.rocketscale.it {
 
 In lldap (https://ldap.rocketscale.it):
 
-1. Create group: `parking-admins`
-2. Create group: `parking-managers`
-3. Add yourself to `parking-admins`
+1. Create group: `parking_admins` (follows lldap naming convention)
+2. Create group: `managers` (reusable across apps)
+3. Add yourself to `parking_admins`
 
 ## Step 7: Deploy