VariableLDAP_AUTH_PRINCIPAL
DescriptionAllows to transform Humio login usernames so to enable LDAP authentication

This is optional. It's provided so you can transform the username provided to Humio during login (john@example.com is the HUMIOUSERNAME john) into something that your LDAP server will authenticate. To do this, supply a pattern and include the special token HUMIOUSERNAME which Humio will replace with the username provided at login before attempting to bind to the LDAP server.

This is how you can specify the principal provided to your LDAP server. So, if you provide cn=HUMIOUSERNAME,dc=example,dc=com and attempt to log in to Humio with the username of john@example.com, Humio will bind using a principal name cn=john,dc=example,dc=com and the password provided at the login prompt. If you have users in more than one location within LDAP you can separate the multiple patterns and Humio will try to authenticate in order the options you've provided. Split the value set in LDAP_AUTH_PRINCIPAL using the LDAP_AUTH_PRINCIPALS_REGEX pattern. This doesn't apply when using the ldap-search method.

ini files
LDAP_AUTH_PRINCIPALS_REGEX=';'
LDAP_AUTH_PRINCIPAL='cn=HUMIOUSERNAME,dc=example,dc=com;cn=HUMIOUSERNAME,dc=foo,dc=com;cn=HUMIOUSERNAME,dc=bar,dc=com'