1. Don't know but here are my settings:
Name: (username to a domain admin)
Password: (a password)
User Login Filter: (&(sAMAccountName=%uid)(objectClass=person)(memberOf=CN=CloudGroup,OU=special,OU=groups,DC=domain,DC=se)(!(userAccountControl:1.2.840.113518.104.22.1684:=2)))
Group Filter: (none)
Base User Tree: OU=Users,OU=company,DC=domain,DC=se
Base Group Tree: None
Group-Member association: uniqueMember
Use TLS: unchecked
Case insensitve LDAP server: unchecked
Display Name Field: sAMAccountName
Group Display Name Field: (none)
2. It should be that all users that fits your ldap-query should be able to login. Ex from my line: sAMAccountName=%uid, objectClass=person. All accounts that are persons that exists in "memberOf=CN=CloudGroup,OU=special,OU=groups,DC=domain,DC=se" (a custom group) will be able to login.
3. In my case I can login with just user and password, no need to put domain\user and password.
Hope it helps.
And about the ldap-query, thanks to people here on the forum (sorry can't remember the names)