How to use LDAP ExternalAuth attr_match_list

We’re using RT 4.2.12-5 as packaged in Ubuntu 16.04.4 LTS.

We’ve successfully been authenticating against a Windows 2012 R2 AD controller via ExternalAuth for a while now, using the mail attribute as a username.

We now have a requirement to use just sAMAccountName for a subset of users to log in. Can anyone tell me why this snippet of config isn’t working to do this?

    Plugin('RT::Authen::ExternalAuth');
    Set( $ExternalAuthPriority, ["My_LDAP"] );

    Set($ExternalSettings, {
        #NSLC# AN LDAP SERVICE
        'My_LDAP' => {
            'type'                      =>  'ldap',

            'server'                    =>  'servername',
            'user'                      =>  'ldapuser',
            'pass'                      =>  'notarealldappass',

            'base'                      =>  'dc=national,dc=slcs,dc=ac,dc=uk',
            'filter'                    =>  '(&(objectCategory=person)(objectClass=user))',
            # d_filter matches disabled accounts (ACCOUNTDISABLE bit of userAccountControl)
            'd_filter'                  =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',

            # the LDAP server's certificate is not verified
            tls => { verify => 'none' },
            'net_ldap_args' => [ version => 3 ],

            'attr_match_list' => [
                'EmailAddress', 'ExternalAuthId',
            ],
            'attr_map' => {
                'Name' => 'mail',
                'EmailAddress' => 'mail',
                'RealName' => 'cn',
                'ExternalAuthId' => 'sAMAccountName',
                'Gecos' => 'sAMAccountName',
                'WorkPhone' => 'telephoneNumber',
                'City' => 'l',
                'State' => 'st',
                'Zip' => 'postalCode',
                'Country' => 'co'
            },
        },
    } );

    Set( $AutoCreateNonExternalUsers, 1 );

It works fine for users with the mail attribute set, but for users where I’d expect it to use the sAMAccountName, I just get “Your username or password is incorrect” on the login screen. How is attr_match_list supposed to work?

Thanks,

Ian