Authenticating using membership provider for Active Directory in EPiServer CMS 6 is not just a straight forward road. The main thing is that you first believe that opening port 389 is enough on the AD server, because your found it on some blog and you tried with Softerra ldap browser and it worked just fine.
But, the ActiveDirectoryMembershipProvider needs two ports to be opened, port 389 and 445.
Then life becomes much easier...
And of course
LDAP string in connectionstring must have a valid correct path, for example:
LDAP://mail.company.se/OU=Users,DC=company,DC=local
But you can easily find that out in the Softerra for example when successfully connected
And the settings in Softerra that worked for me was on the Credentials tab, select Other credentials and the "GSS negotiate" and fill the login fields.