Cant get LDAP to work in 10.0

LDAP authentication not working in MWS 10.0 even though it has the same setup as MWS 9.7 which is working.
In 10.0 MWS I can go to users and select the directory services ldap connection and it returns the correct list of users. This tells me LDAP works, however I cant login with the id/password setup in LDAP.
All this works fine in 9.7 MWS. Is there some new setup I am missing?

Snipit from full.log:

2017-09-05 15:25:50 CDT (Framework:INFO) [qtp1925079304-254] [RID:63] - Trying to authenticate user: g556083:q:
2017-09-05 15:25:50 CDT (directory:DEBUG) [qtp1925079304-254] [RID:63] - Cannot retrieved user [g556083:q:] from cache com.webmethods.portal.portlet.wm_xt_ldapdirsvc.service.LdapDirCache:m_cacheEnabled = [true];m_authenticateCacheEnabled = [true];m_dnCacheEnabled = [true];m_queryCacheEnabled = [true];m_uriCacheEnabled = [true];m_timeout = [3600000];m_authenticateTimeout = [120000];m_capacity = [1000];m_authenticateCapacity = [1000];
2017-09-05 15:25:50 CDT (directory:DEBUG) [qtp1925079304-254] [RID:63] - directory search:
query: (&(&(objectclass=person)(memberof=cn=ecommerce infrastructure,ou=other groups,ou=is security groups,ou=information systems,dc=genmills,dc=com))(samaccountname=g556083:q:))
scope: SCOPE_SUB
timeout: 0s
baseDN: ou=sites,dc=genmills,dc=com
maxSize: 0
attributes: ‘’ , ‘mail’ , ‘sAMAccountName’ , ‘givenName’ , ‘name’ , ‘cn’ , ‘sn’ , ‘objectclass’
2017-09-05 15:25:50 CDT (directory:DEBUG) [qtp1925079304-254] [RID:63] - directory search results:
time: 5ms
2017-09-05 15:25:50 CDT (directory:DEBUG) [qtp1925079304-254] [RID:63] - searchResults count: 0
2017-09-05 15:25:50 CDT (directory:DEBUG) [qtp1925079304-254] [RID:63] - LdapPagingCookie: start: 1 end: 21474836 total: 0 pageSize: 21474900 pageIndex: 0 pageCount: 0 sort: cn order: ascending resourceID: /meta/default/wm_xt_ldapdirsvc/0000010698 view: null userID: /meta/default/user/0000000001 query: null
2017-09-05 15:25:50 CDT (directory:DEBUG) [qtp1925079304-254] [RID:63] - Cannot retrieved user [g556083:q:] from cache com.webmethods.portal.portlet.wm_xt_sysdirsvc.service.SystemDirCache:m_cacheEnabled = [true];m_authenticateCacheEnabled = [true];m_dnCacheEnabled = [true];m_queryCacheEnabled = [false];m_uriCacheEnabled = [true];m_timeout = [2147483646];m_authenticateTimeout = [120000];m_capacity = [1000];m_authenticateCapacity = [1000];
2017-09-05 15:25:50 CDT (Framework:WARN) [qtp1925079304-254] [RID:63] - Authentication failed for user g556083:q:
2017-09-05 15:25:50 CDT (Framework:INFO) [qtp1925079304-254] [RID:63] - Validate::handle() - failed to login
2017-09-05 15:25:56 CDT (Framework:INFO) [qtp1925079304-255] [RID:64] - Request [rrv2od491f9unottko6hlt1x:SysAdmin] http://xmedid1.genmills.com:8687/ (POST)
2017-09-05 15:25:58 CDT (Framework:INFO) [qtp1925079304-256] [RID:65] - Request [1gna1skegqikalddzrc5vkkym:Guest] http://xmedid1:8687/user.current.start.page (POST)
2017-09-05 15:25:58 CDT (Framework:INFO) [qtp1925079304-256] [RID:65] - Trying to authenticate user: g556083
2017-09-05 15:25:58 CDT (directory:DEBUG) [qtp1925079304-256] [RID:65] - Cannot retrieved user [g556083] from cache com.webmethods.portal.portlet.wm_xt_ldapdirsvc.service.LdapDirCache:m_cacheEnabled = [true];m_authenticateCacheEnabled = [true];m_dnCacheEnabled = [true];m_queryCacheEnabled = [true];m_uriCacheEnabled = [true];m_timeout = [3600000];m_authenticateTimeout = [120000];m_capacity = [1000];m_authenticateCapacity = [1000];
2017-09-05 15:25:58 CDT (Framework:WARN) [qtp1925079304-256] [RID:65] - retrun null since DN [cn=doug dunn,ou=users,ou=mgo,ou=sites,dc=genmills,dc=com] doesn’t match baseDN [ou=other groups,ou=is security groups,ou=information systems,dc=genmills,dc=com]