One thing to watch out for with LDAP injection is the wildcard character ('*') at the end of the user input. It's a perfectly valid character for search queries, but if you're expecting a unique username then you should definitely sanitize this before building the filter and passing it on. Regular expressions are typically used for this.
The code for Java's Filter class can be found here:
http://www.docjar.com/html/api/com/sun/jndi/ldap/Filter.java.html
Looks like the encodeSimpleFilter function is what throws the Missing 'equals' exception.
If you want to check the final LDAP filter that's passed to AD you can easily use Wireshark for unencrypted connections or view the query using info from this serverfault thread:
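
The wildcard handling described at the start of this answer, as an added example that is not part of the original post: it validates a username against an allowlist regex and escapes the RFC 4515 special characters before building the filter. The class name, the username pattern and the `sAMAccountName`/`objectClass=user` filter shape are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class LdapFilterInput {
    // Assumed username policy for this example: letters, digits, dot, underscore, hyphen.
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9._-]{1,64}$");

    /** Escape a value for use inside an LDAP search filter (RFC 4515, section 3). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break; // escape character itself
                case '*':  sb.append("\\2a"); break; // wildcard
                case '(':  sb.append("\\28"); break; // filter grouping
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break; // NUL
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Build a filter meant to match exactly one account name, or reject the input. */
    static String uniqueUserFilter(String username) {
        if (username == null || !USERNAME.matcher(username).matches()) {
            throw new IllegalArgumentException("username contains characters outside the allowed set");
        }
        // Escaping stays in place after the allowlist check in case the pattern is loosened later.
        return "(&(objectClass=user)(sAMAccountName=" + escapeFilterValue(username) + "))";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one ordinary name, one trailing wildcard, one with parentheses.
        String[] samples = { "jsmith", "j*", "smith)(cn=x" };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + uniqueUserFilter(s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected; escaped value would be " + escapeFilterValue(s));
            }
        }
    }
}
```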