Using Advanced LDAP Authentication
With advanced LDAP authentication, we find the bind DN of the user by searching LDAP directory instead of interpolating bind DN from userDNTemplate.
Example 2.1. Example Search Filter to Find the Client Bind DN
Assuming:
ldapRealm.userSearchAttributeName=uidldapRealm.userObjectClass=personclient specified login id = “guest”
LDAP Filter for doing a search to find the bind DN would be:
(&(uid=guest)(objectclass=person))
This could find the bind DN to be:
uid=guest,ou=people,dc=hadoop,dc=apache,dc=org
Please note that the userSearchAttributeName need not
be part of bindDN.
For example, you could use
ldapRealm.userSearchAttributeName=emailldapRealm.userObjectClass=personclient specified login id = "john_doe@gmail.com
”
LDAP Filter for doing a search to find the bind DN would be:
(&(email=john_doe@gmail.com)(objectclass=person))
This could find bind DN to be
uid=johnd,ou=contractors,dc=hadoop,dc=apache,dc=org