New Universal Login always choosing AD/LDAP connection instead of Custom Database

We have an application that uses two connections: a custom database and an AD/LDAP one. This works just fine with Classic Universal Login. The AD/LDAP connection has it’s IdP Domains set to “company dot com” (not the real domain but good enough for this description). We are NOT using Kerberos which I understand is not supported yet.

When we switch to New Universal Login, all login requests are sent to the AD/LDAP connection, regardless of the email domain.

For example, if I login with, it’s getting an invalid username/password error from the AD/LDAP connection even though is not in the list of IdP domains. It’s as if the login process is ignoring the custom database.

I can switch back to Classic Universal Login without any custom JavaScript and will be properly authenticated by the custom database.

Any hints as to what to try next?