Problem with userDnTemplate-Based Authentication
userDnTemplate-based authentication uses the configuration parameter ldapRealm.userDnTemplate. A typical value of userDnTemplate looks like uid={0},ou=people,dc=hadoop,dc=apache,dc=org.

To compute the bind DN of the client, we swap the placeholder {0} with the login id provided by the client. For example, if the login id provided by the client is "guest", the computed bind DN would be uid=guest,ou=people,dc=hadoop,dc=apache,dc=org.

This keeps configuration simple.

However, this does not work if users belong to different branches of the LDAP DIT. For example, if there are some users under ou=people,dc=hadoop,dc=apache,dc=org and some users under ou=contractors,dc=hadoop,dc=apache,dc=org, we cannot come up with a userDnTemplate that would work for all the users.
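
The limitation described above, as an added Python example that is not code from the project this page documents: it expands the template from the text and checks the result against a constructed two-branch directory. The user "sam", the helper names, and the RFC 4514 escaping of the login id are assumptions of this example.

```python
# Added illustration, not the project's code. The "sam" entry is constructed.
USER_DN_TEMPLATE = "uid={0},ou=people,dc=hadoop,dc=apache,dc=org"

# Constructed sample directory: login id -> DN where the entry really lives.
SAMPLE_DIT = {
    "guest": "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org",
    "sam": "uid=sam,ou=contractors,dc=hadoop,dc=apache,dc=org",
}


def escape_rdn_value(value):
    """Escape the characters RFC 4514 requires, so a login id stays one RDN value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def compute_bind_dn(template, login_id):
    """Swap the {0} placeholder for the (escaped) login id."""
    return template.replace("{0}", escape_rdn_value(login_id))


def template_resolves(template, login_id, dit):
    """True when the computed bind DN is the DN the user's entry actually has."""
    actual = dit.get(login_id)
    return actual is not None and compute_bind_dn(template, login_id).lower() == actual.lower()


def branches(dit):
    """Parent DNs that hold user entries (sample DNs have no escaped commas)."""
    return {dn.split(",", 1)[1].lower() for dn in dit.values()}


def uncovered_users(template, dit):
    """Login ids whose real DN the single template can never produce."""
    return sorted(u for u in dit if not template_resolves(template, u, dit))


if __name__ == "__main__":
    print(compute_bind_dn(USER_DN_TEMPLATE, "guest"))
    print("branches:", sorted(branches(SAMPLE_DIT)))
    print("not covered:", uncovered_users(USER_DN_TEMPLATE, SAMPLE_DIT))
```

Any directory for which `branches` returns more than one parent DN leaves at least one user in `uncovered_users`, whichever single template is configured.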