Currently the pdm_ldap_import/sync tool do not support the standard CA syntax used in searches. When you group criteria together, when it gets translated to an ldap filter, starting at the grouping everything is dropped from the filter. Let me demonstrate:
using a filer of 'phone = '%' AND (userAccountControl=512 OR userAccountControl=1234) AND email = '*.com'
results in an ldap filter of 'telephoneNumber=*'
the reason for this is because they did not include any support in the SDM Clause-to-LDAP clause conversion for grouped criteria.
I see two solutions that could be implemented for this: 1. add support for groups in the conversion
2: just let us use an ldap query instead of translating a sdm query
either one is good, as long as it works