samaccountname as login example

website/source/docs/auth/ldap.html.md

@@ -107,7 +107,21 @@ OUs like
 ou=people    ou=external     ou=robots
 ```
 you can also specify a `binddn` and `bindpass` for vault to search for the DN
-of a user.
+of a user. This also works for the AD where a typical setup is to have user
+DNs in the form `cn=Firstname Lastname,ou=Users,dc=example,dc=com` but you
+want to login users using the `sAMAccountName` attribute. For that specify
+```
+$ vault write auth/ldap/config url="ldap://ldap.forumsys.com" \
+    userattr=sAMAccountName \
+    userdn="ou=users,dc=example,dc=com" \
+    groupdn="dc=example,dc=com" \
+    binddn="cn=vault,ou=users,dc=example,dc=com" \
+    bindpass='My$ecrt3tP4ss' \
+    certificate=@ldap_ca_cert.pem \
+    insecure_tls=false \
+    starttls=true
+...
+```
 
 Next we want to create a mapping from an LDAP group to a Vault policy: