The Search Constraints (defined on the LDAP Connection setting screen) limit which users j5 searches for in Active Directory. A search with these constraints and the additional constraint "(objectCategory=Person)" needs to return all of the users j5 should import.

The easiest way to achieve this is to create a special group to represent all users relevant to j5, and add all of the users that j5 needs to find to that group.

As an example:

  • Create a group with a distinguished name (DN) of "CN=j5-Users,OU=Groups,DC=example,DC=com".

  • Add each j5 user to that group. This means each user that needs to be synchronized will have that DN in their "memberOf" attribute.

  • Configure the Search Constraints to search on group membership, escaping commas in values with backslashes. Using our example, you would set the search constraints to: memberOf=CN=j5-Users\,OU=Groups\,DC=example\,DC=com,DC=example,DC=com. This specifies that all of the users imported by j5 should have "CN=j5-Users,OU=Groups,DC=example,DC=com" in their memberOf attribute, and also fall hierarchically under "DC=example,DC=com".

When using memberOf in your search constraints, j5 returns the users that are found directly within the specified group and not the users found in child groups of the specified group.
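The following added example (not j5 code) builds the constraint string from the steps above and audits a directory export for users who would be skipped because they only reach the group through a child group. The function names, the entry layout, the sample entries and the reading of the constraint string as "memberOf value followed by base DN" are assumptions made for illustration.

```python
import re

def build_constraints(group_dn, base_dn):
    """Escape commas in the memberOf value, then append the base DN."""
    return "memberOf=" + group_dn.replace(",", "\\,") + "," + base_dn

def split_constraints(constraints):
    """Split on unescaped commas, then unescape the commas inside each part."""
    return [p.replace("\\,", ",") for p in re.split(r"(?<!\\),", constraints)]

def audit(constraints, entries):
    """Return (imported, missed): direct members under the base DN, and
    users who are only members of a child group (one nesting level checked)."""
    parts = split_constraints(constraints)
    group_dn = parts[0].split("=", 1)[1].lower()
    base_dn = ",".join(parts[1:]).lower()
    # Child groups are group entries that are themselves members of group_dn.
    child_groups = {e["dn"].lower() for e in entries
                    if e["category"] == "Group"
                    and group_dn in {m.lower() for m in e["memberOf"]}}
    imported, missed = [], []
    for e in entries:
        if e["category"] != "Person" or not e["dn"].lower().endswith(base_dn):
            continue
        groups = {m.lower() for m in e["memberOf"]}
        if group_dn in groups:
            imported.append(e["dn"])
        elif groups & child_groups:
            missed.append(e["dn"])
    return imported, missed

GROUP = "CN=j5-Users,OU=Groups,DC=example,DC=com"
CHILD = "CN=Night-Shift,OU=Groups,DC=example,DC=com"  # constructed child group
ENTRIES = [  # constructed sample directory export
    {"dn": "CN=Alice,OU=Staff,DC=example,DC=com", "category": "Person",
     "memberOf": [GROUP]},
    {"dn": CHILD, "category": "Group", "memberOf": [GROUP]},
    {"dn": "CN=Bob,OU=Staff,DC=example,DC=com", "category": "Person",
     "memberOf": [CHILD]},
]
CONSTRAINTS = build_constraints(GROUP, "DC=example,DC=com")

if __name__ == "__main__":
    print(CONSTRAINTS)
    print(audit(CONSTRAINTS, ENTRIES))
```

Any user reported in the second list needs to be added directly to the j5 group before synchronization will pick them up.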