Use advanced LDAP authentication

With advanced LDAP authentication, you find the client bind DN by searching the LDAP directory instead of interpolating the bind DN from userDNTemplate.

The following example shows the search filter used to find the client bind DN, assuming:

  • ldapRealm.userSearchAttributeName=uid
  • ldapRealm.userObjectClass=person
  • client specified login id = “guest”

The LDAP filter for searching the bind DN would be:

  (&(uid=guest)(objectclass=person))

This could find the following bind DN:

  uid=guest,ou=people,dc=hadoop,dc=apache,dc=org
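
Because the login id supplied by the client becomes part of the search filter, it has to be escaped before the search runs, and the search result should be used as a bind DN only when it identifies exactly one entry. The sketch below is an added example, not the product's own code; the function names are hypothetical, and the escaping follows RFC 4515.

```python
# Added example: function names are hypothetical, not part of any product API.

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value so it is treated as literal text inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_search_filter(attr_name, object_class, login_id):
    """Build (&(attr=login)(objectclass=class)) from the two ldapRealm
    settings shown above and the client-specified login id."""
    if not login_id:
        raise ValueError("empty login id")
    return "(&({}={})(objectclass={}))".format(
        attr_name,
        escape_filter_value(login_id),
        escape_filter_value(object_class),
    )


def select_bind_dn(found_dns):
    """Return the bind DN only if the search matched exactly one entry.

    Zero matches means the user is unknown; more than one means the filter
    is ambiguous and no DN should be chosen on the client's behalf.
    """
    if len(found_dns) != 1:
        raise LookupError("expected exactly one entry, got %d" % len(found_dns))
    return found_dns[0]


if __name__ == "__main__":
    # Values from the example above.
    print(build_user_search_filter("uid", "person", "guest"))
    # A wildcard login id is escaped to \2a instead of matching every user.
    print(build_user_search_filter("uid", "person", "*"))
    # Constructed search result, as in the example above.
    print(select_bind_dn(["uid=guest,ou=people,dc=hadoop,dc=apache,dc=org"]))
```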