Can you provide the following info:

a) Element OS version 

b) LDAP back end info (AD, OpenLDAP, etc.)

c) Settings you used

a) Element OS version --- 9.3

b) LDAP back end info (AD, OpenLDAP, etc.) ---- AD

c) Settings you used

user search filter === (objectClass=person)(sAMAccountName=%USERNAME%))

auth type ==== search and bind

group search type ========= AD

As Sahana suggested, take a look at the AD example in the docs.

userSearchBaseDN and few other things you didn't mention are given in there. 

It's faster to try by using the API or CLI (PowerShell or Python) because you don't have to click and type a ton of times to retry.

There are two places where LDAP can fail - bind and search.

Bind is the login portion, which gives you access to search. Sounds like that's working for you.

Search can fail for a number of reasons:

- wrong search scope

- wrong base DN specified

- incorrect LDAP schema attributes specified

- object doesn't exist/isn't populated with UNIX attributes in AD

There's no way to resolve this issue without the details asked for in previous posts. We'd need the DN specified, the schema being used and Powershell output of the AD object being queried.

For example: Get-ADUser {name} -properties *

Video walk-through

https://www.youtube.com/watch?v=IY8ooGMSaOA