Use advanced LDAP authentication

With advanced LDAP authentication, you find the client bind DN by searching the LDAP directory instead of interpolating the bind DN from userDNTemplate.

Example search filter to find the client bind DN is as follows, assuming:

ldapRealm.userSearchAttributeName=uid
ldapRealm.userObjectClass=person
client specified login id = “guest”

LDAP filter for searching the bind DN would be:

(&(uid=guest)(objectclass=person))

This could find the following bind DN:

uid=guest,ou=people,dc=hadoop,dc=apache,dc=org

note

The userSearchAttributeName attribute does not need to be a part of the bind DN. For example, you could use the following:

ldapRealm.userSearchAttributeName=email
ldapRealm.userObjectClass=person
client specified login id = "john_doe@gmail.com”

LDAP filter for searching the bind DN would be:

(&(email=john_doe@gmail.com)(objectclass=person))

This could find the following bind DN:

uid=johnd,ou=contractors,dc=hadoop,dc=apache,dc=org