I have a similar configuration. Following are my changes:
I used the construction allowing authentication using either “Username” or “email”, as the Sign In dialog states “Username or email” (adapted to match the example from @KangoV, this looks like)
I further used the “Admin Filter” as well. I placed here a memberOf construction:
Unchecked “Fetch attributes in Bind DN context”. I did not understand pull request #2634. Does anyone know what or how this influences the authentication?
Another difference is that I used “givenName” instead of “cn” for the “First name attribute”, but this is not a big deal (cn turns up empty in my situation).
I did encounter a login problem. This had to do with an organisation named “John” and a user named “John”. The user could not log in, leaving no clues in the logs… When I removed the organisation, the user could log in using the LDAP mechanism.
Does anyone know if it is also possible to put this configuration in the custom app.ini file? It looks like this information gets stored in the database…