update enhanced-ldap (#65687)

* update enhanced-ldap

documenting a potential issue with ldap active sync, when search filter and username attributes do not match.

* Update docs/sources/setup-grafana/configure-security/configure-authentication/enhanced-ldap/index.md

* formats example

* Update docs/sources/setup-grafana/configure-security/configure-authentication/enhanced-ldap/index.md

---------

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
Co-authored-by: Chris Moyer <chris.moyer@grafana.com>
annelaurefroment 2023-04-03 17:15:08 +01:00 committed by GitHub
parent 1380fa54d6
commit 99ac39f0d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -67,3 +67,17 @@ active_sync_enabled = true # enabled by default
```
Single bind configuration (as in the [Single bind example]({{< relref "ldap/#single-bind-example" >}})) is not supported with active LDAP synchronization because Grafana needs user information to perform LDAP searches.
For the synchronization to work, the `servers.search_filter` and `servers.attributes.username` in the ldap.toml config file must match. By default, the `servers.attributes.username` is `cn`, so if you use another attribute as the search filter, you must also update the username attribute.
For example:
```
[[servers]]
search_filter = "(sAMAccountName=%s)"
[servers.attributes]
username = "sAMAccountName"
```
If the attributes aren't the same, the users' sessions will be terminated after each synchronization. That's because the search will be done using the username's value, and that value doesn't exist for the attribute used in the search filter.
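Review bot: The consequence of a mismatch (users' sessions terminated after each synchronization) only appears in the last added sentence, after the example, so a reader who stops at the example never learns why the two settings must agree. Consider moving it up next to "For the synchronization to work, ..." so the requirement and its failure mode are read together. The closing explanation would also be easier to follow if it named the settings directly, for instance that the search is done with the value stored for `servers.attributes.username`, which does not exist under the attribute named in `servers.search_filter`. Two style points in the same paragraph: `ldap.toml` is not formatted as code while the setting names around it are, and the example's opening fence has no language tag, so it will render without TOML highlighting.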