Apex and Active Directory LDAP Authentication
632624 Apr 26 2011 — edited Apr 27 2011
I am trying to set up my APEX application with LDAP. I've checked the documentation and other forum threads but haven't quite been fully successful. I think part of it may be an issue with the way my org's AD is set up - specifically that many users' CN is actually their full name and not their user name. Here is an example that works but isn't really desirable:
LDAP Host: myhost.mydomain.com
Port: 389
DN String: CN=%LDAP_USER%,OU=StandardSecurity,OU=Users, <some other OU's...>,DC=com
Username: John\, Doe
Password: <John's Password>
The problem is that it makes no sense to have users putting in their full names like that (including the escaped comma).
In John's example, I happen to know these two things about his entry in LDAP:
userPrincipalName: JDOE@mydomain.com
sAMAccountName: JDOE
In Apex 4.0, I notice that you can specify a search filter. It seems like I should be able to match on Principal or AccountName, but I'm not entirely sure how that works. I have tried things like below, but authentication fails.
DN String: OU=StandardSecurity,OU=Users, <some other OU's...>,DC=comDN:
Search Filter: sAMAccountName=%LDAP USER%
I can't tell exactly what the search filter does. Has anyone else run into issues with not being able to use the CN of users or been able to successfully use the search filter?
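
An added example, not part of the original post and not APEX's own code: it contrasts the two modes the question describes, substituting `%LDAP_USER%` into an exact DN (RFC 4514 escaping, hence the `\,`) versus into a search filter (RFC 4515 escaping) whose single hit supplies the DN to bind with. It assumes plain textual substitution and a search-then-bind flow; the helper names, the in-memory directory and the `DC=example,DC=com` tree are constructed placeholders.

```python
import re

# Constructed entry modelled on the post; DC=example,DC=com is a placeholder
# tree, not the poster's real one.
BASE = "OU=StandardSecurity,OU=Users,DC=example,DC=com"
DIRECTORY = {
    "CN=John\\, Doe," + BASE: {"sAMAccountName": "JDOE",
                               "userPrincipalName": "JDOE@mydomain.com"},
}

def escape_dn_value(value):
    """RFC 4514 escaping for a value placed inside a DN."""
    chars = ["\\" + c if c in '"+,;<>\\' else "\\00" if c == "\x00" else c
             for c in value]
    if chars and chars[0] in ("#", " "):      # leading '#' or space
        chars[0] = "\\" + chars[0]
    if len(chars) > 1 and chars[-1] == " ":   # trailing space
        chars[-1] = "\\ "
    return "".join(chars)

def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a search filter."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(c, c) for c in value)

def exact_dn(template, username):
    """Exact-DN mode: the typed name becomes part of the bind DN."""
    return template.replace("%LDAP_USER%", escape_dn_value(username))

def build_filter(template, username):
    """Search mode: the typed name only ever appears as a filter value."""
    return "(" + template.replace("%LDAP_USER%", escape_filter_value(username)) + ")"

def resolve_dn(ldap_filter):
    """Toy stand-in for a subtree search: equality match, case-insensitive."""
    attr, _, raw = ldap_filter[1:-1].partition("=")
    wanted = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    hits = [dn for dn, entry in DIRECTORY.items()
            if entry.get(attr, "").lower() == wanted.lower()]
    return hits[0] if len(hits) == 1 else None  # ambiguous or missing: refuse

if __name__ == "__main__":
    # The full name must be typed (and escaped) to form the DN directly.
    print(exact_dn("CN=%LDAP_USER%," + BASE, "John, Doe"))
    # The short account name is enough when a filter locates the entry.
    print(resolve_dn(build_filter("sAMAccountName=%LDAP_USER%", "JDOE")))
    # Filter metacharacters stay literal after escaping, so nothing matches.
    print(resolve_dn(build_filter("sAMAccountName=%LDAP_USER%", "*")))
```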