| Variable | LDAP_AUTH_PRINCIPAL | |
| Description | Allows to transform Humio login usernames so to enable LDAP authentication | |
This is optional. It's provided so you can transform the username provided
to Humio during login
(john@example.com is the
HUMIOUSERNAME
john) into something that your LDAP
server will authenticate. To do this, supply a pattern and include the
special token HUMIOUSERNAME which
Humio will replace with the username provided at login before attempting
to bind to the LDAP server.
This is how you can specify the principal provided to your LDAP server.
So, if you provide
cn=HUMIOUSERNAME,dc=example,dc=com
and attempt to log in to Humio with the username of
john@example.com, Humio will bind
using a principal name
cn=john,dc=example,dc=com and the
password provided at the login prompt. If you have users in more than one
location within LDAP you can separate the multiple patterns and Humio will
try to authenticate in order the options you've provided. Split the value
set in LDAP_AUTH_PRINCIPAL using the
LDAP_AUTH_PRINCIPALS_REGEX pattern. This doesn't apply when
using the ldap-search method.
LDAP_AUTH_PRINCIPALS_REGEX=';'
LDAP_AUTH_PRINCIPAL='cn=HUMIOUSERNAME,dc=example,dc=com;cn=HUMIOUSERNAME,dc=foo,dc=com;cn=HUMIOUSERNAME,dc=bar,dc=com'