Document ldap.groupPattern

When I added this parameter, I forgot to document it.

Also corrected a minor formatting error on ldap.accountMemberField's
documentation, the anchor macro was missing a bracket.

Change-Id: I013cb9224ce26a67c4ee140739d226f0e67d9f8e
Signed-off-by: Shawn O. Pearce <sop@google.com>

Documentation/config-gerrit.txt

@@ -612,11 +612,11 @@ Gerrit will populate it only from the LDAP data.
 Default is `uid` for RFC 2307 servers,
 and `${sAMAccountName.toLowerCase}` for Active Directory.
 
-[[ldap.accountMemberField]ldap.accountMemberField::
+[[ldap.accountMemberField]]ldap.accountMemberField::
 +
 _(Optional)_ Name of an attribute on the user account object which
-contains the groups the user is part of. Typically used for ActiveDirectory
+contains the groups the user is part of. Typically used for Active
-servers.
+Directory servers.
 +
 Default is unset for RFC 2307 servers (disabled)
 and `memberOf` for Active Directory.
@@ -637,6 +637,17 @@ Scope of the search performed for group objects.  Must be one of:
 +
 Default is `subtree` as many directories have several levels.
 
+[[ldap.groupPattern]]ldap.groupPattern::
++
+Query pattern used when searching for an LDAP group to connect
+to a Gerrit group.  This may be any valid LDAP query expression,
+including the standard `(&...)` and `(|...)` operators.  The variable
+`$\{groupname\}` is replaced with the search term supplied by the
+group owner.
++
+Default is `(cn=$\{groupname\})` for RFC 2307,
+and `(&(objectClass=group)(cn=$\{groupname\}))` for Active Directory.
+
 [[ldap.groupMemberPattern]]ldap.groupMemberPattern::
 +
 Query pattern to use when searching for the groups that a user