searchFilter Assistance (wf 2.5)

Running AD, I’'ve managed to get LDAP up and working. My AD structure is not terribly great, but I am not at liberty to change it. I need to do some filtering to limit those login names that will work.

However, even specifying the simplest of filters seems to be failing: objectClass=User. Setting that filter prevents me from logging into the admin console. Does anyone with more LDAP experience than me know how to fix this?