Many people have trouble getting the BaseDN and bind details correct to successfully configure ZendTo to use your Active Directory authentication system.
The easiest way to get these configuration settings correct is to use the ldapsearch command (normally part of ldap-utils package or similar) to experiment with different values until it works on the command line.
For this example, we will use the site "example.com", connecting to the AD server "ad_server.example.com" as user "ad_read_user" with password "ad_read_password". The correct BaseDN will be "OU=Staff,OU=users,DC=example,DC=com". If you run the command
ldapsearch -x -LLL -E pr=200/noprompt -h ad_server.example.com -D 'ad_read_user' -w 'ad_read_password' -b 'OU=Staff,OU=users,DC=example,DC=com' -s sub (sAMAccountName=*)' cn mail memberOf
Experiment with different values for
When you get them right, the command will output the username, email address and group information for all the users it finds. You should make sure this includes all the users you want to be able to use ZendTo (very often you don't want the "OU=Staff," bit if you want all your users to be able to use ZendTo).
When you have got them right, the corresponding preferences.php settings are