Need help with LDAP user login filter

I've been googling it for a bit, but have had no success.  I can log in, no problem with LDAP as it is, but I want to restrict to a user group. Per the Typically used configs they have online, I found the following:

teamcity.users.login.filter=(&(sAMAccountName=$capturedLogin$)(memberOf=CN=App Support,OU=Groups,OU=Secured,DC=company,DC=net))

I also commented the following as stated in their doc:

#teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)

#teamcity.users.username=sAMAccountName

#teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)

Then I get an error:

Login failed with messages:
Incorrect username or password.
Error in configuration. Please contact your system administrator.

As soon as I uncomment the three lines about and comment out the filter, I can login again. I do see that there is a space in "App Support", so I used url escaping, just space, wrapped everything after memberOf= with quotes, but still the same thing. Any help is greatly appreciated.