Configuring Proxy with Apache Knox

Using Advanced LDAP Authentication

With advanced LDAP authentication, the bind DN of the user is found by searching the LDAP directory instead of interpolating the bind DN from userDNTemplate.

Example Search Filter to Find the Client Bind DN

Assuming:
  • ldapRealm.userSearchAttributeName=uid

  • ldapRealm.userObjectClass=person

  • client specified login id = “guest”

The LDAP filter used to search for the bind DN would be:

(&(uid=guest)(objectclass=person))

This could find the bind DN to be:

uid=guest,ou=people,dc=hadoop,dc=apache,dc=org

Note that the attribute named by userSearchAttributeName need not be part of the bind DN.

For example, you could use

  • ldapRealm.userSearchAttributeName=email

  • ldapRealm.userObjectClass=person

  • client specified login id = "john_doe@gmail.com"

The LDAP filter used to search for the bind DN would be:

(&(email=john_doe@gmail.com)(objectclass=person))

This could find the bind DN to be:

uid=johnd,ou=contractors,dc=hadoop,dc=apache,dc=org
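
The two lookups above, as an added Python sketch (not Knox code): it builds the filter from the search attribute, object class and login id, and resolves it against a small constructed directory. The RFC 4515 escaping of the login id, the single-match check, the toy matcher and all function names are assumptions of this example, not documented Knox behaviour.

```python
import re

# Constructed sample directory (DN -> attributes); the first two entries mirror the page.
DIRECTORY = {
    "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org":
        {"uid": "guest", "objectclass": "person"},
    "uid=johnd,ou=contractors,dc=hadoop,dc=apache,dc=org":
        {"uid": "johnd", "email": "john_doe@gmail.com", "objectclass": "person"},
    "cn=guest,ou=devices,dc=hadoop,dc=apache,dc=org":
        {"uid": "guest", "objectclass": "device"},
}

def escape_filter_value(value):
    """Hex-escape the RFC 4515 special characters so the login id stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_search_filter(search_attr, object_class, login_id):
    """Combine userSearchAttributeName, userObjectClass and the login id."""
    return "(&(%s=%s)(objectclass=%s))" % (
        search_attr, escape_filter_value(login_id), object_class)

def search(ldap_filter):
    """Evaluate a two-clause AND equality filter against DIRECTORY (toy matcher)."""
    m = re.fullmatch(r"\(&\(([^=()]+)=([^()]*)\)\(([^=()]+)=([^()]*)\)\)", ldap_filter)
    if not m:
        raise ValueError("unsupported or malformed filter: %r" % ldap_filter)
    unescape = lambda v: re.sub(r"\\([0-9a-fA-F]{2})",
                                lambda h: chr(int(h.group(1), 16)), v)
    wanted = {m.group(1).lower(): unescape(m.group(2)),
              m.group(3).lower(): unescape(m.group(4))}
    return [dn for dn, attrs in DIRECTORY.items()
            if all(attrs.get(k) == v for k, v in wanted.items())]

def resolve_bind_dn(search_attr, object_class, login_id):
    """Return the single DN the filter matches; refuse zero or ambiguous results."""
    matches = search(build_search_filter(search_attr, object_class, login_id))
    if len(matches) != 1:
        raise LookupError("expected exactly one entry, found %d" % len(matches))
    return matches[0]

if __name__ == "__main__":
    print(resolve_bind_dn("uid", "person", "guest"))
    print(resolve_bind_dn("email", "person", "john_doe@gmail.com"))
```

The constructed device entry shares uid=guest but is excluded by the objectclass clause, so the search still returns exactly one bind DN.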