Option | LDAP_AUTH_PRINCIPAL | |
Description | Transforms LogScale login usernames to enable LDAP authentication |
This is optional. It's provided so you can transform the username provided to LogScale during login (for john@example.com, the LOGSCALEUSERNAME is john) into something that your LDAP server will authenticate. To do this, supply a pattern that includes the special token LOGSCALEUSERNAME, which LogScale will replace with the username provided at login before attempting to bind to the LDAP server.

This is how you specify the principal provided to your LDAP server. If you provide cn=LOGSCALEUSERNAME,dc=example,dc=com and attempt to log in to LogScale with the username john@example.com, LogScale will bind using the principal name cn=john,dc=example,dc=com and the password provided at the login prompt. If you have users in more than one location within LDAP, you can supply multiple patterns, and LogScale will try to authenticate with each one in the order you've provided. The value set in LDAP_AUTH_PRINCIPAL is split using the LDAP_AUTH_PRINCIPALS_REGEX pattern. This doesn't apply when using the ldap-search method.
LDAP_AUTH_PRINCIPALS_REGEX=';'
LDAP_AUTH_PRINCIPAL='cn=LOGSCALEUSERNAME,dc=example,dc=com;cn=LOGSCALEUSERNAME,dc=foo,dc=com;cn=LOGSCALEUSERNAME,dc=bar,dc=com'
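
To preview which principals a given configuration produces, and in what order, the following added example (not LogScale code) splits the value with the regex, checks each pattern, and substitutes the token. The function names are hypothetical, and deriving the username as the part before the @ is an assumption taken from the john@example.com example above.

```python
import re

TOKEN = "LOGSCALEUSERNAME"

def split_patterns(principal, splitter_regex=None):
    """Split LDAP_AUTH_PRINCIPAL into ordered patterns using LDAP_AUTH_PRINCIPALS_REGEX."""
    if not splitter_regex:
        return [principal]  # single pattern, no splitting configured
    return re.split(splitter_regex, principal)

def check_patterns(patterns):
    """Report patterns that cannot yield a usable bind principal."""
    problems, seen = [], set()
    for i, pattern in enumerate(patterns, 1):
        if not pattern:
            problems.append(f"pattern {i}: empty")
        elif TOKEN not in pattern:
            problems.append(f"pattern {i}: missing {TOKEN}: {pattern!r}")
        elif pattern in seen:
            problems.append(f"pattern {i}: duplicate of an earlier pattern")
        seen.add(pattern)
    return problems

def bind_principals(login, principal, splitter_regex=None):
    """Return the principals that would be tried, in order, for a login name."""
    # Assumption from the page's example: john@example.com -> john
    username = login.split("@", 1)[0]
    return [p.replace(TOKEN, username) for p in split_patterns(principal, splitter_regex)]

# Values from the example configuration on this page
PRINCIPAL = ("cn=LOGSCALEUSERNAME,dc=example,dc=com;"
             "cn=LOGSCALEUSERNAME,dc=foo,dc=com;"
             "cn=LOGSCALEUSERNAME,dc=bar,dc=com")

if __name__ == "__main__":
    for regex in (";", ","):  # ',' is a constructed misconfiguration: it cuts the DNs apart
        print(f"LDAP_AUTH_PRINCIPALS_REGEX={regex!r}")
        for problem in check_patterns(split_patterns(PRINCIPAL, regex)):
            print("  problem:", problem)
        for dn in bind_principals("john@example.com", PRINCIPAL, regex):
            print("  bind as:", dn)
```

A separator regex that also matches characters inside a distinguished name, such as the comma, shows up here as fragments that lack the token.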