# Customizing the Search Filter for LDAP Authentication

## Prerequisites

* Helm version 3 is installed on your system.
* The Kubernetes command line tool kubectl is configured and has access to the target installation.
* You know the name and namespace of your Connectware installation. See [Obtaining the name, namespace, and version of your Connectware installation](/1-10-2/documentation/connectware-on-kubernetes/connectware-helm-chart.md#obtaining-the-name-namespace-and-version-of-your-connectware-installation).
* The values.yaml file is available.
* [LDAP authentication configured](/1-10-2/documentation/connectware-on-kubernetes/ldap-authentication/configuring-ldap-authentication.md).

## Customizing the Search Filter for LDAP Authentication

There are scenarios where it is useful to extend the default search filter of Connectware. For example:

* Your users are not uniquely identifiable by their username, for example when there are users with the same RDN within the search base of your LDAP configuration.
* You have to specify a very large search base because your accounts are spread across the DIT, and filtering may make the search more efficient.

The filter that Connectware uses by default is `(<userRdn>=<username>)`, where `userRdn` is defined as environment variable in your `values.yaml` and `username` is the name the user enters during login.

Any extension will result in a filter of the following format:

{% code lineNumbers="true" %}

```text
(&(<userRdn>=<username>)(<your extension>))
```

{% endcode %}

Info: You can test the filter by running a request with `ldapsearch` in your terminal (this may require additional packages to be installed).

**Example**

{% code lineNumbers="true" %}

```bash
ldapsearch -L -b "dc=example,dc=org" -D "cn=admin,dc=example,dc=org" -w admin_pass "(&(cn=User 1)(objectclass=iNetOrgPerson))"
```

{% endcode %}

**Example**

In the following example, we have two entries with an RDN `cn=a.smith`.

{% code lineNumbers="true" %}

```text
dc=example,dc=org
├ cn=customers
│  └ cn=a.smith
└ cn=employees
   └ cn=a.smith
```

{% endcode %}

Both users are named a.smith, but they are different entries. In a case like this you would normally use `cn=employees,dc=example,dc=org` as the search base and would not have a problem. But let's use `dc=example,dc=org` to create a simple example case for the filter extension.

We want to modify the filter in order to search only for entries that have `cn=employees` in their DN.

The search command to test in the terminal for the employee a.smith looks like this:

{% code lineNumbers="true" %}

```bash
ldapsearch -L -b "dc=example,dc=org" -D "cn=admin,dc=example,dc=org" -w admin_pass "(&(cn=a.smith)(cn:dn:=employees))"
```

{% endcode %}

To modify Connectware, we only add the extension itself (`cn:dn:=employees`) to the configuration:

{% code lineNumbers="true" %}

```yaml
global:
    authentication:
        ldap:
            enabled: true
            existingBindSecret: my-ldap-user
            searchBase: CN=Users,DC=company,DC=tld
            searchFilter: cn:dn:=employees
            userRdn: cn
            url: ldap://my-dc.company.tld:389
```

{% endcode %}

Important: Be aware that no surrounding brackets are used for the additional expression. Brackets within your expression can be used, e.g. `&(objectClass=iNetOrgPerson)(cn:dn:=employees)`.
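
The composition rule described above, as an added example that is not taken from Connectware's code: it builds the filter in the documented format, escapes the user-entered name per RFC 4515 so it is matched literally, and rejects an extension written with surrounding or unbalanced brackets before it reaches your `values.yaml`. The function names are assumptions made for this example.

```python
# Added example: not Connectware source code. Function names are hypothetical.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 so it cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_extension(extension: str) -> str:
    """Return the extension if '(' + extension + ')' is one balanced filter."""
    ext = extension.strip()
    if not ext:
        raise ValueError("extension is empty")
    if ext.startswith("("):
        raise ValueError("extension must not have surrounding brackets")
    depth = 0
    wrapped = f"({ext})"
    for pos, ch in enumerate(wrapped):
        depth += (ch == "(") - (ch == ")")
        # Depth may only return to zero on the very last character.
        if depth <= 0 and pos != len(wrapped) - 1:
            raise ValueError("unbalanced brackets in extension")
    if depth != 0:
        raise ValueError("unbalanced brackets in extension")
    return ext


def build_filter(user_rdn: str, username: str, extension: str = "") -> str:
    """Compose (&(<userRdn>=<username>)(<extension>)) as described above."""
    base = f"({user_rdn}={escape_value(username)})"
    if not extension.strip():
        return base
    return f"(&{base}({check_extension(extension)}))"


if __name__ == "__main__":
    # Constructed inputs taken from the examples on this page.
    print(build_filter("cn", "a.smith", "cn:dn:=employees"))
    print(build_filter("cn", "a.smith",
                       "&(objectClass=iNetOrgPerson)(cn:dn:=employees)"))
    print(build_filter("cn", "a.smi*"))  # wildcard is matched literally
```

The printed filters can be passed unchanged as the last argument of the `ldapsearch` commands shown earlier.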

**Related Links**

* [Single Sign-On with LDAP](/1-10-2/documentation/user-management/single-sign-on-sso/single-sign-on-with-ldap.md)
* [Configuring Connectware to use LDAP authentication](/1-10-2/documentation/connectware-on-kubernetes/ldap-authentication/configuring-ldap-authentication.md)

