Microsoft AD integration with mail as login: is it possible?

I managed to set up integration with Microsoft AD with the following configuration.

But I have ~30 services with this integration, and everywhere the login is performed using the e-mail address as the login, and I would like to set up Rancher the same way. But if I put something into the default login domain, I immediately start getting 401 errors (Invalid Credentials).

Or if I change the login attribute or the search attribute to "mail" (one or both), I also receive a 401. I turned on debug log mode, but no new information appeared, just the authorization swinging. Rancher is deployed through Helm in Kubernetes, version 2.6.4.