Using Advanced LDAP Authentication
With advanced LDAP authentication, we find the bind DN of the user by searching the LDAP directory instead of interpolating the bind DN from userDNTemplate.
Example Search Filter to Find the Client Bind DN
- ldapRealm.userSearchAttributeName=uid
- ldapRealm.userObjectClass=person
- client specified login id = "guest"
LDAP Filter for doing a search to find the bind DN would be:
(&(uid=guest)(objectclass=person))
This could find the bind DN to be:
uid=guest,ou=people,dc=hadoop,dc=apache,dc=org
Please note that the userSearchAttributeName need not be part of the bindDN.
For example, you could use:
- ldapRealm.userSearchAttributeName=email
- ldapRealm.userObjectClass=person
- client specified login id = "john_doe@gmail.com"
LDAP Filter for doing a search to find the bind DN would be:
(&(email=john_doe@gmail.com)(objectclass=person))
This could find the bind DN to be:
uid=johnd,ou=contractors,dc=hadoop,dc=apache,dc=org
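
The filter construction described above, as an added Python illustration (not Knox's own code; the function names and the in-memory DIRECTORY are constructed for this example). It escapes the client-supplied login id per RFC 4515 before placing it in the filter, and accepts a search result only when exactly one entry matches.

```python
# Added illustration, not Knox source. Names and DIRECTORY are constructed.

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample entries mirroring the two DNs used on this page.
DIRECTORY = [
    {"dn": "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org",
     "objectclass": "person", "uid": "guest"},
    {"dn": "uid=johnd,ou=contractors,dc=hadoop,dc=apache,dc=org",
     "objectclass": "person", "uid": "johnd", "email": "john_doe@gmail.com"},
]


def escape_filter_value(value):
    """Escape a client-supplied value so it stays a literal in the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_search_filter(search_attr, object_class, login_id):
    """Build (&(<attr>=<login id>)(objectclass=<class>)) from the realm settings."""
    if not login_id:
        raise ValueError("login id must not be empty")
    return "(&({}={})(objectclass={}))".format(
        search_attr, escape_filter_value(login_id), object_class)


def resolve_bind_dn(directory, search_attr, object_class, login_id):
    """Equality search over the sample entries; None unless exactly one matches."""
    wanted = login_id.casefold()
    hits = [e["dn"] for e in directory
            if e.get("objectclass", "").casefold() == object_class.casefold()
            and e.get(search_attr, "").casefold() == wanted]
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    for attr, login in [("uid", "guest"), ("email", "john_doe@gmail.com"),
                        ("uid", "*")]:
        print(build_user_search_filter(attr, "person", login),
              "->", resolve_bind_dn(DIRECTORY, attr, "person", login))
```

With the escaping in place, a login id of `*` becomes the literal value `\2a` in the filter and matches no entry, so no bind DN is returned.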