NTLM + ldap overlay problem

Using this configuration method (
http://blank.org/memory/output/rt-ad-sso.html), it seems the NTLM part
works, but nothing gets pulled in via LDAP - the username created is the NT
username, but the email address does not get pulled in. A packet capture of
the LDAP session indicates that the search filter being used is

(&(mail=)(objectclass=user))

Which dooes not generate any results, which is not surprising because that
search filter looks remarkably suspect to me. RT should be searching on the
sAMAccountName (the windows username), but instead appears to be searching
on mail, but without a value. Any ideas?

Here is my relevant siteconfig :

Set($LdapAuthUidAttr, ‘sAMAccountName’);
Set($LdapAuthFilter, ‘(objectClass=user)’);
Set($LdapMailBase, ‘dc=domain,dc=goeshere,dc=com’);
Set($LdapMailFilter, ‘(objectClass=user)’);
Set($LdapMailScope, ‘sub’);
Set($LdapMailSearchAttr, ‘mail’);
%RT::LdapMailResultMap = (
‘sAMAccountName’ => ‘Name’,
‘mail’ => ‘EmailAddress’,
‘cn’ => ‘RealName’,
);

Matt