Sets the User Distinguished Name (DN) template to use when creating User DNs at runtime. A User DN is an LDAP
fully-qualified unique user identifier which is required to establish a connection with the LDAP
directory to authenticate users and query for authorization information.
Usage
User DN formats are unique to the LDAP directory's schema, and each environment differs, so you will need to
specify the format corresponding to your directory. You do this by specifying the full User DN as normal, but
you use a {0} placeholder token in the string representing the location where the
user's submitted principal (usually a username or uid) will be substituted at runtime.
For example, if your directory uses an LDAP uid attribute to represent usernames, the User DN for the
jsmith user may look like this:
uid=jsmith,ou=users,dc=mycompany,dc=com
in which case you would set this property with the following template value:
uid={0},ou=users,dc=mycompany,dc=com
If no template is configured, the raw AuthenticationToken#getPrincipal() will be used as the LDAP principal.
This is likely incorrect as most LDAP directories expect a fully-qualified User DN as opposed to the raw uid
or username. So, ensure you set this property to match your environment!
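The substitution described above, as an added example that is not the library's own code: it splits the template at the {0} token and inserts the submitted principal, escaping it with the JDK's javax.naming.ldap.Rdn.escapeValue so that characters such as "," or "=" in a username stay inside the uid value. The class and method names (UserDnTemplateDemo, buildUserDn) are hypothetical, and the escaping step is this example's assumption; this page does not say how the realm treats special characters.

```java
import javax.naming.ldap.Rdn;

// Hypothetical demo class; not part of the library this page documents.
public class UserDnTemplateDemo {

    private static final String TOKEN = "{0}";

    // Builds a User DN from a template and the user's submitted principal.
    static String buildUserDn(String template, String principal) {
        if (principal == null || principal.isEmpty()) {
            throw new IllegalArgumentException("principal must not be empty");
        }
        if (template == null) {
            // No template configured: the raw principal is used as the LDAP
            // principal, which most directories will not accept as a DN.
            return principal;
        }
        int idx = template.indexOf(TOKEN);
        if (idx < 0) {
            throw new IllegalArgumentException("template must contain " + TOKEN);
        }
        String prefix = template.substring(0, idx);
        String suffix = template.substring(idx + TOKEN.length());
        // Escape DN special characters so the principal cannot add or alter
        // RDN components of the resulting DN (assumption of this example).
        return prefix + Rdn.escapeValue(principal) + suffix;
    }

    public static void main(String[] args) {
        String template = "uid={0},ou=users,dc=mycompany,dc=com";
        // Constructed sample principals: one ordinary, one containing DN syntax.
        String[] samples = { "jsmith", "jsmith,ou=admins" };
        for (String principal : samples) {
            System.out.println(principal + " -> " + buildUserDn(template, principal));
        }
    }
}
```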