Hi,
LDAP can only pull down operator names and their rights/group membership.
You can hack this by using email for the dn $(login) key and having a workflow periodically copy the operator name to the email field, with the drawback of users having to log in with their email addresses.
Thanks,
-Jon