Use advanced LDAP authentication
With advanced LDAP authentication, you find the client bind DN by searching the LDAP
directory instead of interpolating the bind DN from userDNTemplate.
The following example shows a search filter that finds the client bind DN, assuming:
ldapRealm.userSearchAttributeName=uid
ldapRealm.userObjectClass=person
client-specified login id = "guest"
The LDAP filter for searching the bind DN would be:
(&(uid=guest)(objectclass=person))
This could find the following bind DN:
uid=guest,ou=people,dc=hadoop,dc=apache,dc=org
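
The lookup described above, sketched as an added example that is not the product's own code. The in-memory DIRECTORY, the CONFIG dictionary and the function names are constructed for illustration; the login id is escaped per RFC 4515 before it is placed in the filter, and the search must resolve to exactly one DN before a bind is attempted.

```python
# Added illustration of search-based bind DN resolution; not the product's code.
# Config keys mirror the page; DIRECTORY is constructed sample data.

CONFIG = {
    "ldapRealm.userSearchAttributeName": "uid",
    "ldapRealm.userObjectClass": "person",
}

# Constructed sample entries: (DN, attributes)
DIRECTORY = [
    ("uid=guest,ou=people,dc=hadoop,dc=apache,dc=org",
     {"uid": ["guest"], "objectclass": ["person"]}),
    ("uid=admin,ou=people,dc=hadoop,dc=apache,dc=org",
     {"uid": ["admin"], "objectclass": ["person"]}),
    ("cn=guest-svc,ou=services,dc=hadoop,dc=apache,dc=org",
     {"uid": ["guest"], "objectclass": ["applicationProcess"]}),
]

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a client-supplied value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(login_id, config=CONFIG):
    """Return the filter string used to locate the bind DN for login_id."""
    attr = config["ldapRealm.userSearchAttributeName"]
    object_class = config["ldapRealm.userObjectClass"]
    return "(&(%s=%s)(objectclass=%s))" % (attr, escape_filter_value(login_id), object_class)


def find_bind_dn(login_id, directory=DIRECTORY, config=CONFIG):
    """Resolve login_id to exactly one DN; None on zero or ambiguous matches."""
    # Stand-in for a server-side search: the escaped filter is a literal equality match.
    attr = config["ldapRealm.userSearchAttributeName"]
    object_class = config["ldapRealm.userObjectClass"].lower()
    wanted = login_id.lower()
    matches = [
        dn for dn, attrs in directory
        if wanted in (v.lower() for v in attrs.get(attr, []))
        and object_class in (v.lower() for v in attrs.get("objectclass", []))
    ]
    return matches[0] if len(matches) == 1 else None
```

The object class condition is what keeps the service entry that shares uid=guest out of the result, so the search returns a single bind DN.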