Did you setup the search filter as described in the dcumentation:
Credentials search filter – This the filter that will be used to search for an entered username in the LDAP server. You must always include the `[%Username%]` token in this string, which will be replaced with the user name that was used for the login attempt. For an AD environment, this will usually be `(&(objectclass=user)(sAMAccountName="[%Username%]"))`.