I'm big into web security, so i COMPLETELY understand about being paranoid. ;)
Looked at the sceenshot you sent. I'd suggest using the cn attribute vs the email address since it is POSSIBLE that your organization might have an exception to it's normal rule for email addresses. I hate saying hack the plugin since that means you'll have to redo the hacks everytime i release an update, but until i can figure out an easy way to have that be a configuration option, i dont know any other option.
As for contacting me, it's in the info on the wpdiratuh wordpress directory page, but you can always email me at email@example.com. Just make sure to include 'wpdirauth' in the subject line. I'm also monitoring these forums for any mention of 'wpdirauth'. And facebook works as well (facebook.com/gilzow).
Back to the password issue. Let's try this. At the beginning of the function wpDirAuth_auth (line 335 in version 1.6.0), add the following:
$password = stripslashes($password);
And then have your user try again. I was under the impression that wordpress disabled magic_quotes if it was enabled in the ini file, but i could be wrong.