Using Advanced LDAP Authentication
With advanced LDAP authentication, we find the bind DN of the user by searching the LDAP directory instead of interpolating the bind DN from userDNTemplate.
Example 2.1. Example Search Filter to Find the Client Bind DN
Assuming:
ldapRealm.userSearchAttributeName=uid
ldapRealm.userObjectClass=person
client specified login id = "guest"
The LDAP filter used to search for the bind DN would be:
(&(uid=guest)(objectclass=person))
This search could find the bind DN to be:
uid=guest,ou=people,dc=hadoop,dc=apache,dc=org
Please note that the userSearchAttributeName need not be part of the bind DN.
For example, you could use:
ldapRealm.userSearchAttributeName=email
ldapRealm.userObjectClass=person
client specified login id = "john_doe@gmail.com"
The LDAP filter used to search for the bind DN would be:
(&(email=john_doe@gmail.com)(objectclass=person))
This search could find the bind DN to be:
uid=johnd,ou=contractors,dc=hadoop,dc=apache,dc=org
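The following added example (not code from Apache Knox or from this guide) builds the two search filters shown above and resolves them to a bind DN against a small constructed directory. The function names, the in-memory directory, and the RFC 4515 escaping of the login id are assumptions of this example, not a description of how the realm itself handles the value.

```python
# Added illustration; not Apache Knox source. Function names are hypothetical.

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a client-supplied value so the directory matches it literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_search_filter(search_attr, object_class, login_id):
    """Build (&(<attr>=<login id>)(objectclass=<class>)) as in the examples."""
    value = escape_filter_value(login_id)
    return f"(&({search_attr}={value})(objectclass={object_class}))"


# Constructed directory entries keyed by DN (sample data for this example).
DIRECTORY = {
    "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org":
        {"uid": "guest", "objectclass": "person"},
    "uid=johnd,ou=contractors,dc=hadoop,dc=apache,dc=org":
        {"uid": "johnd", "email": "john_doe@gmail.com", "objectclass": "person"},
}


def find_bind_dn(search_attr, object_class, login_id):
    """Stand-in for the directory search: return the DN of the single entry
    whose attribute equals the login id (case-insensitive, an assumption),
    or None when zero or several entries match."""
    matches = [
        dn for dn, attrs in DIRECTORY.items()
        if attrs.get(search_attr, "").lower() == login_id.lower()
        and attrs["objectclass"].lower() == object_class.lower()
    ]
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    for attr, login in (("uid", "guest"), ("email", "john_doe@gmail.com"), ("uid", "*")):
        print(build_user_search_filter(attr, "person", login),
              "->", find_bind_dn(attr, "person", login))
```

The third case shows that a login id made of filter metacharacters is rendered as an escaped literal and resolves to no entry, so no bind is attempted.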