I ran into a similar issue where we had an email address coming in, but we needed to use the user's sAMAccountName. Note: this ended up being a temporary solution because we ended up standardizing on the email address as the login attribute for BAW via WAS Configuration to prevent there being multiple userIds at play. To resolve this requirement, I was able to create a copy of a service in that toolkit and instead of having the service generate the LDAP query as above, I had the copy generate a query like the below to query against the attribute I was interested in and parse the username. What you are able to do will of course depend on your toolkit and the underlying jar file that is handling the integration.
Whenever I have to work on integrations to LDAP, I always use an LDAP query tool to make sure that my LDAP query or filter is correct before trying to put it into BAW so I don't spend time scratching my head wondering why the generated query won't work. This way when I get to implementing it in BAW, if it doesn't work, I know there is something going on with my query generation and I can compare it to the known working LDAP query from the other tool.
AdminTask.addIdMgrPropertyToEntityTypes ('[-name managedBy -dataType string -entityTypeNames Group]')
AdminTask.addIdMgrPropertyToEntityTypes ('[-name managedBy -dataType string -entityTypeNames Group]') AdminConfig.save()