Solved
which version are you on? I can see this feature from 13.x and onwards.
By default apm uses session.logon.last.username variable for username. See if you can set custom APM variable for it and change it to UPN variable you get after LDAP query.