Try this query. It’s not as efficient as your original query since it reads more rows, but sometimes it can’t be helped.
We start by reading both connection and BIND events then putting them together using stats. Then we filter out those not in the lookup file.
index=name conn ("connection from" OR "BIND")
| stats values(*) as * by conn
| search [| inputlookup UIDlist.csv
|rename UID AS uid
| return $uid ]
| rex field=_raw "connection from (?<FROM_IP>\d+\.\d+\.\d+\.\d+):"
| rex field=dn "uid=(?<uid>[^,]+)"
| stats count by FROM_IP, uid
CLICK HERE to find out more related problems solutions.