Thanks, I'll take a look at the log files. In case this helps, here is my _config.php file:
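<?php
/**
 * External authentication server definitions.
 *
 * Change the parameters below to suit your authentication server, or disable
 * this authentication method altogether.
 */
Authenticator::register_authenticator('ExternalAuthenticator');

/**
 * Create your authentication source.
 *
 * The first parameter is the source ID. Set this to something you deem
 * appropriate for this source. It must be unique among all authentication
 * sources, may not contain special characters or spaces, and must be
 * shorter than 50 characters.
 * The second parameter is the type of server.
 * At the moment LDAP, FTP, IMAP and HTTP are supported.
 * The third parameter is a display name for this source, shown in the
 * drop-down form field used to choose the source.
 *
 * You can create multiple sources of different or identical types.
 **/
ExternalAuthenticator::createSource('totaleyecare', 'LDAP', 'Total Eyecare');

/**
 * On login, users can choose the authentication source they want, or all
 * sources can be checked in sequence until one succeeds (or all fail).
 * If this is set to true, the source selection box on the login page
 * disappears, so you might want to set it to true if you have only one
 * source.
 *
 * WARNING: If you set this to true, accounts from the different sources can
 * eclipse each other. The process stops at the first success, so an account
 * in an earlier source wins over a same-named account in a later one.
 *
 * NOTE: The order in which accounts are checked depends on the order of the
 * createSource statements.
 **/
ExternalAuthenticator::setAuthSequential(false);

/**
 * What do we call a user ID?
 * This string is informational and will appear on the login page.
 */
ExternalAuthenticator::setIdDesc('User Name');

/**
 * Hostname of the authentication server.
 * You can specify it as a normal hostname or an IP address.
 * If you use SSL or TLS, use the name matching the server certificate here.
 *
 * NOTE(review): no SSL/TLS setting appears in this file. Unless encryption is
 * enabled elsewhere, the search account's password and every user's login
 * password would reach the directory in clear text. Enable SSL/TLS as the
 * module's documentation describes and confirm that this host name is the
 * one on the server certificate.
 */
ExternalAuthenticator::setAuthServer('totaleyecare', 'ts.totaleyecare.com.au');

/**
 * The DN where your users reside. Be as specific as possible
 * to prevent unexpected guests in the CMS, so typically your
 * directory's base DN (o=.... or dc=....,dc=....) augmented with
 * the OU where the accounts are.
 *
 * WARNING (Active Directory): on Unix-style directories the accounts usually
 * sit in an OU; on AD the default Users location is a container, hence
 * cn=Users rather than ou=Users below.
 **/
ExternalAuthenticator::setOption('totaleyecare', 'basedn', 'cn=Users,dc=totaleyecare,dc=com,dc=au');

/**
 * LDAP protocol version to use.
 * If you have TLS enabled, the version must be 3. The default is 3.
 **/
//ExternalAuthenticator::setOption('totaleyecare', 'ldapversion', 3);

/**
 * You can use any unique attribute to authenticate as: mail, uid, or any
 * other unique attribute.
 *
 * SilverStripe will search the LDAP directory, at the basedn and below, for
 * an entry whose attribute equals the ID entered on the login form.
 **/
ExternalAuthenticator::setOption('totaleyecare', 'attribute', 'sAMAccountName');

/**
 * You have the possibility to auto-create users that do not yet exist in the
 * CMS but do exist within the LDAP database. Set the option below to the
 * group name you want to add the user to (case sensitive), or to false if
 * users should not be created automatically.
 *
 * WARNING WARNING WARNING
 * If you do not have control over the external authentication source, you no
 * longer control who can log in. USE WITH CARE.
 **/
ExternalAuthenticator::setAutoAdd('totaleyecare', false);

/**
 * If your directory doesn't support anonymous searches you can
 * specify an account below that will be used to search for the
 * attribute containing the user ID, as (dn, passwd).
 *
 * The bind DN must be a plain comma-separated DN. The earlier value wrapped
 * everything after "cn=" in double quotes, which makes the whole remainder
 * the value of a single RDN instead of a path to the account, so the search
 * bind cannot resolve to the intended entry.
 * NOTE(review): assumes the account's CN is "silverstripe" and that it lives
 * in cn=Users; confirm the exact DN against the directory.
 *
 * Use a dedicated account that can only read and search the user subtree,
 * replace the 'secret' placeholder with that account's password, and keep
 * the real value out of version control and anything posted publicly. This
 * file should be readable only by the web server user.
 **/
ExternalAuthenticator::setOption('totaleyecare', 'bind_as', 'cn=silverstripe,cn=Users,dc=totaleyecare,dc=com,dc=au');
ExternalAuthenticator::setOption('totaleyecare', 'bind_pw', 'secret');

/**
 * If you want account auto-creation, you should also set the following
 * attribute mappings. They are set here even though auto-add is false above.
 *
 * NOTE(review): userPrincipalName is a logon name in user@domain form and is
 * not guaranteed to be a deliverable mailbox; AD's "mail" attribute holds the
 * e-mail address. Confirm which one is intended for email_attr.
 **/
ExternalAuthenticator::setOption('totaleyecare', 'firstname_attr', 'givenName');
ExternalAuthenticator::setOption('totaleyecare', 'surname_attr', 'sn');
ExternalAuthenticator::setOption('totaleyecare', 'email_attr', 'userPrincipalName');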