A few suggestions:
1. Remove the second server... the one labeled "auth_ldap_server" with cn=directory manager.
2. Change the name for the AD server from "Riverford_AD" back to "auth_ldap_server", and set this as the default. Changing the name is probably ok, but I'd keep it standard, see if it works, and then change it.
3. Don't map attribute names that are the same, e.g., no need to map `cn` --> `cn`. This is not breaking anything, but it's wasting cycles.