Can you include your wildfire.xml, also where are your users located within AD? The default users container? Also what domain are your users in? Are they being pulled from another domain within your forest?
You probably need the staff OU. The problem probably lies with the fact that you entered it as a CN, not an OU. Change it to OU=staff. Also, the Host name should be a fully qualified domain name (icarus.domain.com).
Not sure if this helps but I could not get LDAP to work in my AD domain w/o requiring SSL (“Enable SSL connections to your LDAP server, default port is usually 636”) - but I use port 3269.
For the search I have this: <searchFilter>(objectClass=organizationalPerson)(objectCategory=person)</searchFilter>
I added “objectClass=organizationalPerson” because my Base DN starts at the top (<baseDN>DC=domainname,DC=com</baseDN>) to filter out all the machine names, etc. since I use OUs in addition to the default Users.