mod_shared_roster_ldap with AD 2008 R2?

I have been working on this for a couple days now and have read countless conflicting posts regarding how to get this working in AD or if it's even possible.

Ejabberd: 2.1.1.0
Domain: AD 2008 R2

I'm hosting ejabberd from a Windows server.

I created a group here and put some test users in it:
cn=XMPP_test_group,ou=XMPP_Groups,ou=my company,dc=mydomain,dc=local

My users are all in:
ou=users,ou=my company,dc=mydomain,dc=local

Each user's cn is in the format:
cn="firstname lastname"

This means that my jids cannot be directly extracted from a user's dn but rather need to come from something like sAMAccountName or UserPrincipalName. This is a problem, I gather, because the "member" attribute that enumerates the members of a group provides a dn for each member rather than a sAMAccountName that can immediately be used as a jid.

A few users have claimed to get mod_shared_roster_ldap working with AD, some by using a patch and others not. None of the stated unpatched configurations have worked for me (I haven't tried the patched configurations for lack of understanding of how to do so as well as a desire to stick with the primary stable version if possible, since some have claimed to have gotten this working without mentioning patching).

Does anyone have a current example of a working mod_shared_roster_ldap configuration that is able to handle cns that don't match sAMAccountNames? Or clear instructions and configuration information for using a patch?

This is a major barrier to use at the customer I'm trying to deploy this for.

Dear ITConsultant!

Do you always consult people that give you this level of detail regarding their issue? Haven't you had to interrogate them just to give you the necessary information piece-by-piece? Haven't you got tired of this? Why do you behave like them yourself?

What are the configs you tried that failed? Which links (that stated they solved your case) have you followed the instructions from? What instructions do you consider unclear?

I would like to tell you that your case is simple. It can be done using the bundled msrl. I did it. Have I helped you?

Well, I won't stop here (although I am tempted to).
1. If using the bundled module, you will need to get all the information from user objects, including group info. See here for the approach I invented a while ago that worked for me (and many others) in this exact case using the (now bundled) module.
2. Have you read this post with a description of module compilation? If so, what exactly have you found unclear?
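
The two lookups discussed in this thread, side by side, as an added example that is not part of either post and is not ejabberd code. It assumes the group info read from user objects is the `memberOf` attribute; the user names, accounts and the XMPP domain `mydomain.local` are constructed for illustration.

```python
# Constructed sample data mirroring the layout in the question; the user
# names and accounts are invented for illustration.
BASE = "ou=my company,dc=mydomain,dc=local"
GROUP_DN = "cn=XMPP_test_group,ou=XMPP_Groups," + BASE

USERS = [
    {"dn": "cn=Alice Smith,ou=users," + BASE, "sAMAccountName": "asmith",
     "memberOf": [GROUP_DN]},
    {"dn": "cn=Bob Jones,ou=users," + BASE, "sAMAccountName": "bjones",
     "memberOf": [GROUP_DN]},
    {"dn": "cn=Carol White,ou=users," + BASE, "sAMAccountName": "cwhite",
     "memberOf": []},
]
GROUP = {"dn": GROUP_DN, "member": [u["dn"] for u in USERS if u["memberOf"]]}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def user_filter_for_group(group_dn):
    """Filter that selects user objects by the group listed in memberOf."""
    return "(&(objectClass=user)(memberOf=%s))" % escape_filter_value(group_dn)


def names_from_group_member(group):
    """Group-side view: 'member' holds DNs, so only the cn is recoverable.
    (Naive RDN split; sufficient for sample DNs without escaped commas.)"""
    return [dn.split(",", 1)[0].split("=", 1)[1] for dn in group["member"]]


def jids_from_user_objects(users, group_dn, xmpp_domain):
    """User-side view: match on memberOf, take the JID from sAMAccountName."""
    wanted = group_dn.lower()  # DN comparison is case-insensitive
    return sorted(
        "%s@%s" % (u["sAMAccountName"].lower(), xmpp_domain)
        for u in users
        if wanted in (g.lower() for g in u["memberOf"])
    )


if __name__ == "__main__":
    print(names_from_group_member(GROUP))   # cn values, not usable as JIDs
    print(user_filter_for_group(GROUP_DN))
    print(jids_from_user_objects(USERS, GROUP_DN, "mydomain.local"))
```

Escaping the group DN before placing it in the filter matters once a group's cn contains parentheses or an asterisk; unescaped, such a value changes the filter's meaning or makes it invalid.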
