LDAP query returns "empty result" while same query with ldapsearch works

Our (munged) config:

[ldap]
type = activedirectory
uri = ldaps://server01.domain.local:636/
base = dc=domain,dc=local
binduser = DOMAIN\zabbix_ldap
bindpass = <the_pass>
groups = Company Employees

[ad]
filtergroup = (&(objectClass=group)(name=%s))
filteruser = (objectClass=user)(objectCategory=Person)
filterdisabled = (!(userAccountControl:1.2.840.113556.1.4.803:=2))
filtermemberof = (memberOf:1.2.840.113556.1.4.1941:=%s)
groupattribute = member
userattribute = sAMAccountName

When I use ldapsearch to query server01.domain.local using the filters as shown above, I get the list of users and groups that I expect (although I don't seem to be able to combine e.g. filteruser and filtermemberof, so I expect those matches are done in code?). Therefore I expect (hope) that the config I'm supplying is correct.

When I run zabbix-ldap-sync in verbose mode, I see:

[ldaps connection success omited]

** ld 0x1d770b0 Connections:
* host: server01.domain.local  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Tue Apr  2 16:46:11 2019

** ld 0x1d770b0 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x1d770b0 request count 1 (abandoned 0)
** ld 0x1d770b0 Response Queue:
   Empty
  ld 0x1d770b0 response count 0
ldap_chkResponseList ld 0x1d770b0 msgid 1 all 1
ldap_chkResponseList returns ld 0x1d770b0 NULL
ldap_int_select
read1msg: ld 0x1d770b0 msgid 1 all 1
read1msg: ld 0x1d770b0 msgid 1 message type bind
read1msg: ld 0x1d770b0 0 new referrals
read1msg:  mark request completed, ld 0x1d770b0 msgid 1
request done: ld 0x1d770b0 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree

Since I'm not that good at Python.. At which step can I add a "print" to see the query that is used?

zabbix-tooling / zabbix-ldap-sync

LDAP query returns "empty result" while same query with ldapsearch works #14