(Optional) Modifying the LDAP Query Parameter of the Kerberos Method

You can modify the LDAP query parameter of the Kerberos method by using the SearchQuery property. For example, if you want to use the SearchQuery property for emails, perform the following steps:

On the Home page, click Identity Servers > [cluster name] > Authentication > Methods.
Select Kerberos method.
Click Advanced Settings > Plus icon.

Specify the following details:

Field	Description
Property Name	SearchQuery
Property Value	Specify one of the following parameters: (&(objectclass=person)(mail=%Email%)) (&(objectclass=person)(givenName=%<Kerberos Realm>%)) NOTE:Let us assume the UPN suffix is configured as AMTEST.COM and the Active Directory givenName is configured as user191. The LDAP search query will be (&(objectclass=person)(givenName=user191@AMTEST.COM)). (&(objectclass=person)(name=%Ecom_User_ID%)) (&(objectclass=person)(CN=%Ecom_User_ID%))

Field

Description

Property Name

SearchQuery

Property Value

Specify one of the following parameters:

(&(objectclass=person)(mail=%Email%))
(&(objectclass=person)(givenName=%<Kerberos Realm>%))

NOTE:Let us assume the UPN suffix is configured as AMTEST.COM and the Active Directory givenName is configured as user191. The LDAP search query will be (&(objectclass=person)(givenName=user191@AMTEST.COM)).
(&(objectclass=person)(name=%Ecom_User_ID%))
(&(objectclass=person)(CN=%Ecom_User_ID%))