OK - I would check the dex logs with systemctl status ondemand-dex or journalctl ondemand-dex. Dex may be letting you know if there’s something wrong.
I think that preferredUsernameAttr is important, so I would go back and enable that.
Beyond that (if setting preferredUsernameAttr doesn’t just directly work) - I would start to debug your LDAP (indeed the dex logs may indicate what’s going wrong here).
The 2 things I’d confirm are
- the LDAP query correctly returns the user’s record you’re looking for
- LDAP fields in the record line up with what you’ve configured there.
You can use this topic for some pointers on ldapsearch.