Hi -
Unfortunately, Active Directory does not support wildcards in DN attributes. From THIS TechNet article:
The wildcard character "*" is allowed, except when the is a DN attribute. Examples of DN attributes are distinguishedName, manager, directReports, member, and memberOf.
The wildcard for CN in the role search filter should work, but you will need to keep the full DN in the user list filter.
Is there some other attribute that you can filter on for these users? Or perhaps, are they under a unique branch of your LDAP tree so you can isolate the search?
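
A pre-deployment check for the limitation described above, as an added example that is not part of the original post: it scans an LDAP filter string and reports any DN attribute that is compared against a value containing a wildcard. The function name, the regular expression and the example.com DNs are constructed for illustration.

```python
import re

# DN-syntax attributes named in the quoted article (compared case-insensitively).
DN_ATTRIBUTES = {"distinguishedname", "manager", "directreports", "member", "memberof"}

# One simple equality item: (attr=value). Literal parentheses and asterisks in a
# value must be escaped (\28, \29, \2a), so a raw "*" in the value is a wildcard.
ITEM = re.compile(r"\(\s*([A-Za-z][A-Za-z0-9-]*)\s*=([^()]*)\)")


def dn_wildcard_violations(ldap_filter):
    """Return (attribute, value) pairs where a DN attribute uses a wildcard."""
    hits = []
    for attr, value in ITEM.findall(ldap_filter):
        if attr.lower() not in DN_ATTRIBUTES:
            continue
        # A bare (attr=*) is an LDAP presence test, not a substring match,
        # so it is not flagged here.
        if "*" in value and value.strip() != "*":
            hits.append((attr, value))
    return hits


if __name__ == "__main__":
    # Constructed sample filters; the DNs are placeholders.
    samples = {
        "role filter, wildcard on CN": "(&(objectClass=group)(cn=App-*))",
        "user filter, wildcard in memberOf":
            "(&(objectClass=user)(memberOf=CN=App-*,OU=Groups,DC=example,DC=com))",
        "user filter, full DN":
            "(&(objectClass=user)(memberOf=CN=App-Admins,OU=Groups,DC=example,DC=com))",
    }
    for label, flt in samples.items():
        bad = dn_wildcard_violations(flt)
        print(f"{label}: {'REJECT ' + str(bad) if bad else 'ok'}")
```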