Fixing SRS reference and updating requirements.

This commit is contained in:
Vitaliy Zakaznikov 2021-05-07 15:37:29 -04:00
parent 0b95bfb38e
commit 04a9dbeb2b
3 changed files with 248 additions and 8 deletions

View File

@ -21,7 +21,7 @@ xfails = {
@Name("role mapping") @Name("role mapping")
@ArgumentParser(argparser) @ArgumentParser(argparser)
@Specifications( @Specifications(
QA_SRS014_ClickHouse_LDAP_Role_Mapping SRS_014_ClickHouse_LDAP_Role_Mapping
) )
@Requirements( @Requirements(
RQ_SRS_014_LDAP_RoleMapping("1.0") RQ_SRS_014_LDAP_RoleMapping("1.0")

View File

@ -44,6 +44,11 @@
* 4.7.1 [BindDN Parameter](#binddn-parameter) * 4.7.1 [BindDN Parameter](#binddn-parameter)
* 4.7.1.1 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.BindDN](#rqsrs-014ldaprolemappingconfigurationserverbinddn) * 4.7.1.1 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.BindDN](#rqsrs-014ldaprolemappingconfigurationserverbinddn)
* 4.7.1.2 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.BindDN.ConflictWith.AuthDN](#rqsrs-014ldaprolemappingconfigurationserverbinddnconflictwithauthdn) * 4.7.1.2 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.BindDN.ConflictWith.AuthDN](#rqsrs-014ldaprolemappingconfigurationserverbinddnconflictwithauthdn)
* 4.7.2 [User DN Detection](#user-dn-detection)
* 4.7.2.1 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection](#rqsrs-014ldaprolemappingconfigurationserveruserdndetection)
* 4.7.2.2 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.BaseDN](#rqsrs-014ldaprolemappingconfigurationserveruserdndetectionbasedn)
* 4.7.2.3 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.Scope](#rqsrs-014ldaprolemappingconfigurationserveruserdndetectionscope)
* 4.7.2.4 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.SearchFilter](#rqsrs-014ldaprolemappingconfigurationserveruserdndetectionsearchfilter)
* 4.8 [External User Directory Configuration](#external-user-directory-configuration) * 4.8 [External User Directory Configuration](#external-user-directory-configuration)
* 4.8.1 [Syntax](#syntax) * 4.8.1 [Syntax](#syntax)
* 4.8.1.1 [RQ.SRS-014.LDAP.RoleMapping.Configuration.UserDirectory.RoleMapping.Syntax](#rqsrs-014ldaprolemappingconfigurationuserdirectoryrolemappingsyntax) * 4.8.1.1 [RQ.SRS-014.LDAP.RoleMapping.Configuration.UserDirectory.RoleMapping.Syntax](#rqsrs-014ldaprolemappingconfigurationuserdirectoryrolemappingsyntax)
@ -318,6 +323,67 @@ version: 1.0
[ClickHouse] SHALL return an error if both `<bind_dn>` and `<auth_dn_prefix>` or `<auth_dn_suffix>` parameters [ClickHouse] SHALL return an error if both `<bind_dn>` and `<auth_dn_prefix>` or `<auth_dn_suffix>` parameters
are specified as part of [LDAP] server description in the `<ldap_servers>` section of the `config.xml`. are specified as part of [LDAP] server description in the `<ldap_servers>` section of the `config.xml`.
#### User DN Detection
##### RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection
version: 1.0
[ClickHouse] SHALL support the `user_dn_detection` sub-section in the `<ldap_servers><server_name>` section
of the `config.xml` that SHALL be used to enable detecting the actual user DN of the bound user.
##### RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.BaseDN
version: 1.0
[ClickHouse] SHALL support `base_dn` parameter in the `user_dn_detection` sub-section in the
`<ldap_servers><server_name>` section of the `config.xml` that SHALL specify how
to construct the base DN for the LDAP search to detect the actual user DN.
For example,
```xml
<user_dn_detection>
...
<base_dn>CN=Users,DC=example,DC=com</base_dn>
</user_dn_detection>
```
##### RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.Scope
version: 1.0
[ClickHouse] SHALL support `scope` parameter in the `user_dn_detection` sub-section in the
`<ldap_servers><server_name>` section of the `config.xml` that SHALL the scope of the
LDAP search to detect the actual user DN. The `scope` parameter SHALL support the following values
* `base`
* `one_level`
* `children`
* `subtree`
For example,
```xml
<user_dn_detection>
...
<scope>one_level</scope>
</user_dn_detection>
```
##### RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.SearchFilter
version: 1.0
[ClickHouse] SHALL support `search_filter` parameter in the `user_dn_detection` sub-section in the
`<ldap_servers><server_name>` section of the `config.xml` that SHALL specify the LDAP search
filter used to detect the actual user DN.
For example,
```xml
<user_dn_detection>
...
<search_filter>(&amp;(objectClass=user)(sAMAccountName={user_name}))</search_filter>
</user_dn_detection>
```
### External User Directory Configuration ### External User Directory Configuration
#### Syntax #### Syntax
@ -382,7 +448,7 @@ version: 1.0
[ClickHouse] SHALL support the `<base_dn>` parameter in the `<user_directories><ldap><role_mapping>` section [ClickHouse] SHALL support the `<base_dn>` parameter in the `<user_directories><ldap><role_mapping>` section
of the `config.xml` that SHALL specify the template to be used to construct the base `DN` for the [LDAP] search. of the `config.xml` that SHALL specify the template to be used to construct the base `DN` for the [LDAP] search.
The resulting `DN` SHALL be constructed by replacing all the `{user_name}` and `{bind_dn}` substrings of The resulting `DN` SHALL be constructed by replacing all the `{user_name}`, `{bind_dn}`, and `user_dn` substrings of
the template with the actual user name and bind `DN` during each [LDAP] search. the template with the actual user name and bind `DN` during each [LDAP] search.
#### Attribute Parameter #### Attribute Parameter
@ -445,7 +511,7 @@ version: 1.0
section of the `config.xml` that SHALL specify the template used to construct section of the `config.xml` that SHALL specify the template used to construct
the [LDAP filter](https://ldap.com/ldap-filters/) for the search. the [LDAP filter](https://ldap.com/ldap-filters/) for the search.
The resulting filter SHALL be constructed by replacing all `{user_name}`, `{bind_dn}`, and `{base_dn}` substrings The resulting filter SHALL be constructed by replacing all `{user_name}`, `{bind_dn}`, `{base_dn}`, and `{user_dn}` substrings
of the template with the actual user name, bind `DN`, and base `DN` during each the [LDAP] search. of the template with the actual user name, bind `DN`, and base `DN` during each the [LDAP] search.
#### Prefix Parameter #### Prefix Parameter

View File

@ -1,6 +1,6 @@
# These requirements were auto generated # These requirements were auto generated
# from software requirements specification (SRS) # from software requirements specification (SRS)
# document by TestFlows v1.6.210129.1222545. # document by TestFlows v1.6.210505.1133630.
# Do not edit by hand but re-generate instead # Do not edit by hand but re-generate instead
# using 'tfs requirements generate' command. # using 'tfs requirements generate' command.
from testflows.core import Specification from testflows.core import Specification
@ -488,6 +488,105 @@ RQ_SRS_014_LDAP_RoleMapping_Configuration_Server_BindDN_ConflictWith_AuthDN = Re
level=4, level=4,
num='4.7.1.2') num='4.7.1.2')
RQ_SRS_014_LDAP_RoleMapping_Configuration_Server_UserDNDetection = Requirement(
name='RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support the `user_dn_detection` sub-section in the `<ldap_servers><server_name>` section\n'
'of the `config.xml` that SHALL be used to enable detecting the actual user DN of the bound user. \n'
'\n'
),
link=None,
level=4,
num='4.7.2.1')
RQ_SRS_014_LDAP_RoleMapping_Configuration_Server_UserDNDetection_BaseDN = Requirement(
name='RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.BaseDN',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `base_dn` parameter in the `user_dn_detection` sub-section in the \n'
'`<ldap_servers><server_name>` section of the `config.xml` that SHALL specify how \n'
'to construct the base DN for the LDAP search to detect the actual user DN.\n'
'\n'
'For example,\n'
'\n'
'```xml\n'
'<user_dn_detection>\n'
' ...\n'
' <base_dn>CN=Users,DC=example,DC=com</base_dn>\n'
'</user_dn_detection>\n'
'```\n'
'\n'
),
link=None,
level=4,
num='4.7.2.2')
RQ_SRS_014_LDAP_RoleMapping_Configuration_Server_UserDNDetection_Scope = Requirement(
name='RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.Scope',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `scope` parameter in the `user_dn_detection` sub-section in the \n'
'`<ldap_servers><server_name>` section of the `config.xml` that SHALL the scope of the \n'
'LDAP search to detect the actual user DN. The `scope` parameter SHALL support the following values\n'
'\n'
'* `base`\n'
'* `one_level`\n'
'* `children`\n'
'* `subtree`\n'
'\n'
'For example,\n'
'\n'
'```xml\n'
'<user_dn_detection>\n'
' ...\n'
' <scope>one_level</scope>\n'
'</user_dn_detection>\n'
'```\n'
'\n'
),
link=None,
level=4,
num='4.7.2.3')
RQ_SRS_014_LDAP_RoleMapping_Configuration_Server_UserDNDetection_SearchFilter = Requirement(
name='RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.SearchFilter',
version='1.0',
priority=None,
group=None,
type=None,
uid=None,
description=(
'[ClickHouse] SHALL support `search_filter` parameter in the `user_dn_detection` sub-section in the \n'
'`<ldap_servers><server_name>` section of the `config.xml` that SHALL specify the LDAP search\n'
'filter used to detect the actual user DN.\n'
'\n'
'For example,\n'
'\n'
'```xml\n'
'<user_dn_detection>\n'
' ...\n'
' <search_filter>(&amp;(objectClass=user)(sAMAccountName={user_name}))</search_filter>\n'
'</user_dn_detection>\n'
'```\n'
'\n'
),
link=None,
level=4,
num='4.7.2.4')
RQ_SRS_014_LDAP_RoleMapping_Configuration_UserDirectory_RoleMapping_Syntax = Requirement( RQ_SRS_014_LDAP_RoleMapping_Configuration_UserDirectory_RoleMapping_Syntax = Requirement(
name='RQ.SRS-014.LDAP.RoleMapping.Configuration.UserDirectory.RoleMapping.Syntax', name='RQ.SRS-014.LDAP.RoleMapping.Configuration.UserDirectory.RoleMapping.Syntax',
version='1.0', version='1.0',
@ -587,7 +686,7 @@ RQ_SRS_014_LDAP_RoleMapping_Configuration_UserDirectory_RoleMapping_BaseDN = Req
'[ClickHouse] SHALL support the `<base_dn>` parameter in the `<user_directories><ldap><role_mapping>` section \n' '[ClickHouse] SHALL support the `<base_dn>` parameter in the `<user_directories><ldap><role_mapping>` section \n'
'of the `config.xml` that SHALL specify the template to be used to construct the base `DN` for the [LDAP] search.\n' 'of the `config.xml` that SHALL specify the template to be used to construct the base `DN` for the [LDAP] search.\n'
'\n' '\n'
'The resulting `DN` SHALL be constructed by replacing all the `{user_name}` and `{bind_dn}` substrings of \n' 'The resulting `DN` SHALL be constructed by replacing all the `{user_name}`, `{bind_dn}`, and `user_dn` substrings of \n'
'the template with the actual user name and bind `DN` during each [LDAP] search.\n' 'the template with the actual user name and bind `DN` during each [LDAP] search.\n'
'\n' '\n'
), ),
@ -724,7 +823,7 @@ RQ_SRS_014_LDAP_RoleMapping_Configuration_UserDirectory_RoleMapping_SearchFilter
'section of the `config.xml` that SHALL specify the template used to construct \n' 'section of the `config.xml` that SHALL specify the template used to construct \n'
'the [LDAP filter](https://ldap.com/ldap-filters/) for the search.\n' 'the [LDAP filter](https://ldap.com/ldap-filters/) for the search.\n'
'\n' '\n'
'The resulting filter SHALL be constructed by replacing all `{user_name}`, `{bind_dn}`, and `{base_dn}` substrings \n' 'The resulting filter SHALL be constructed by replacing all `{user_name}`, `{bind_dn}`, `{base_dn}`, and `{user_dn}` substrings \n'
'of the template with the actual user name, bind `DN`, and base `DN` during each the [LDAP] search.\n' 'of the template with the actual user name, bind `DN`, and base `DN` during each the [LDAP] search.\n'
' \n' ' \n'
), ),
@ -872,6 +971,11 @@ SRS_014_ClickHouse_LDAP_Role_Mapping = Specification(
Heading(name='BindDN Parameter', level=3, num='4.7.1'), Heading(name='BindDN Parameter', level=3, num='4.7.1'),
Heading(name='RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.BindDN', level=4, num='4.7.1.1'), Heading(name='RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.BindDN', level=4, num='4.7.1.1'),
Heading(name='RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.BindDN.ConflictWith.AuthDN', level=4, num='4.7.1.2'), Heading(name='RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.BindDN.ConflictWith.AuthDN', level=4, num='4.7.1.2'),
Heading(name='User DN Detection', level=3, num='4.7.2'),
Heading(name='RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection', level=4, num='4.7.2.1'),
Heading(name='RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.BaseDN', level=4, num='4.7.2.2'),
Heading(name='RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.Scope', level=4, num='4.7.2.3'),
Heading(name='RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.SearchFilter', level=4, num='4.7.2.4'),
Heading(name='External User Directory Configuration', level=2, num='4.8'), Heading(name='External User Directory Configuration', level=2, num='4.8'),
Heading(name='Syntax', level=3, num='4.8.1'), Heading(name='Syntax', level=3, num='4.8.1'),
Heading(name='RQ.SRS-014.LDAP.RoleMapping.Configuration.UserDirectory.RoleMapping.Syntax', level=4, num='4.8.1.1'), Heading(name='RQ.SRS-014.LDAP.RoleMapping.Configuration.UserDirectory.RoleMapping.Syntax', level=4, num='4.8.1.1'),
@ -930,6 +1034,10 @@ SRS_014_ClickHouse_LDAP_Role_Mapping = Specification(
RQ_SRS_014_LDAP_RoleMapping_Authentication_Parallel_SameUser, RQ_SRS_014_LDAP_RoleMapping_Authentication_Parallel_SameUser,
RQ_SRS_014_LDAP_RoleMapping_Configuration_Server_BindDN, RQ_SRS_014_LDAP_RoleMapping_Configuration_Server_BindDN,
RQ_SRS_014_LDAP_RoleMapping_Configuration_Server_BindDN_ConflictWith_AuthDN, RQ_SRS_014_LDAP_RoleMapping_Configuration_Server_BindDN_ConflictWith_AuthDN,
RQ_SRS_014_LDAP_RoleMapping_Configuration_Server_UserDNDetection,
RQ_SRS_014_LDAP_RoleMapping_Configuration_Server_UserDNDetection_BaseDN,
RQ_SRS_014_LDAP_RoleMapping_Configuration_Server_UserDNDetection_Scope,
RQ_SRS_014_LDAP_RoleMapping_Configuration_Server_UserDNDetection_SearchFilter,
RQ_SRS_014_LDAP_RoleMapping_Configuration_UserDirectory_RoleMapping_Syntax, RQ_SRS_014_LDAP_RoleMapping_Configuration_UserDirectory_RoleMapping_Syntax,
RQ_SRS_014_LDAP_RoleMapping_Configuration_UserDirectory_RoleMapping_SpecialCharactersEscaping, RQ_SRS_014_LDAP_RoleMapping_Configuration_UserDirectory_RoleMapping_SpecialCharactersEscaping,
RQ_SRS_014_LDAP_RoleMapping_Configuration_UserDirectory_RoleMapping_MultipleSections, RQ_SRS_014_LDAP_RoleMapping_Configuration_UserDirectory_RoleMapping_MultipleSections,
@ -996,6 +1104,11 @@ SRS_014_ClickHouse_LDAP_Role_Mapping = Specification(
* 4.7.1 [BindDN Parameter](#binddn-parameter) * 4.7.1 [BindDN Parameter](#binddn-parameter)
* 4.7.1.1 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.BindDN](#rqsrs-014ldaprolemappingconfigurationserverbinddn) * 4.7.1.1 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.BindDN](#rqsrs-014ldaprolemappingconfigurationserverbinddn)
* 4.7.1.2 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.BindDN.ConflictWith.AuthDN](#rqsrs-014ldaprolemappingconfigurationserverbinddnconflictwithauthdn) * 4.7.1.2 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.BindDN.ConflictWith.AuthDN](#rqsrs-014ldaprolemappingconfigurationserverbinddnconflictwithauthdn)
* 4.7.2 [User DN Detection](#user-dn-detection)
* 4.7.2.1 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection](#rqsrs-014ldaprolemappingconfigurationserveruserdndetection)
* 4.7.2.2 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.BaseDN](#rqsrs-014ldaprolemappingconfigurationserveruserdndetectionbasedn)
* 4.7.2.3 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.Scope](#rqsrs-014ldaprolemappingconfigurationserveruserdndetectionscope)
* 4.7.2.4 [RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.SearchFilter](#rqsrs-014ldaprolemappingconfigurationserveruserdndetectionsearchfilter)
* 4.8 [External User Directory Configuration](#external-user-directory-configuration) * 4.8 [External User Directory Configuration](#external-user-directory-configuration)
* 4.8.1 [Syntax](#syntax) * 4.8.1 [Syntax](#syntax)
* 4.8.1.1 [RQ.SRS-014.LDAP.RoleMapping.Configuration.UserDirectory.RoleMapping.Syntax](#rqsrs-014ldaprolemappingconfigurationuserdirectoryrolemappingsyntax) * 4.8.1.1 [RQ.SRS-014.LDAP.RoleMapping.Configuration.UserDirectory.RoleMapping.Syntax](#rqsrs-014ldaprolemappingconfigurationuserdirectoryrolemappingsyntax)
@ -1270,6 +1383,67 @@ version: 1.0
[ClickHouse] SHALL return an error if both `<bind_dn>` and `<auth_dn_prefix>` or `<auth_dn_suffix>` parameters [ClickHouse] SHALL return an error if both `<bind_dn>` and `<auth_dn_prefix>` or `<auth_dn_suffix>` parameters
are specified as part of [LDAP] server description in the `<ldap_servers>` section of the `config.xml`. are specified as part of [LDAP] server description in the `<ldap_servers>` section of the `config.xml`.
#### User DN Detection
##### RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection
version: 1.0
[ClickHouse] SHALL support the `user_dn_detection` sub-section in the `<ldap_servers><server_name>` section
of the `config.xml` that SHALL be used to enable detecting the actual user DN of the bound user.
##### RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.BaseDN
version: 1.0
[ClickHouse] SHALL support `base_dn` parameter in the `user_dn_detection` sub-section in the
`<ldap_servers><server_name>` section of the `config.xml` that SHALL specify how
to construct the base DN for the LDAP search to detect the actual user DN.
For example,
```xml
<user_dn_detection>
...
<base_dn>CN=Users,DC=example,DC=com</base_dn>
</user_dn_detection>
```
##### RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.Scope
version: 1.0
[ClickHouse] SHALL support `scope` parameter in the `user_dn_detection` sub-section in the
`<ldap_servers><server_name>` section of the `config.xml` that SHALL the scope of the
LDAP search to detect the actual user DN. The `scope` parameter SHALL support the following values
* `base`
* `one_level`
* `children`
* `subtree`
For example,
```xml
<user_dn_detection>
...
<scope>one_level</scope>
</user_dn_detection>
```
##### RQ.SRS-014.LDAP.RoleMapping.Configuration.Server.UserDNDetection.SearchFilter
version: 1.0
[ClickHouse] SHALL support `search_filter` parameter in the `user_dn_detection` sub-section in the
`<ldap_servers><server_name>` section of the `config.xml` that SHALL specify the LDAP search
filter used to detect the actual user DN.
For example,
```xml
<user_dn_detection>
...
<search_filter>(&amp;(objectClass=user)(sAMAccountName={user_name}))</search_filter>
</user_dn_detection>
```
### External User Directory Configuration ### External User Directory Configuration
#### Syntax #### Syntax
@ -1334,7 +1508,7 @@ version: 1.0
[ClickHouse] SHALL support the `<base_dn>` parameter in the `<user_directories><ldap><role_mapping>` section [ClickHouse] SHALL support the `<base_dn>` parameter in the `<user_directories><ldap><role_mapping>` section
of the `config.xml` that SHALL specify the template to be used to construct the base `DN` for the [LDAP] search. of the `config.xml` that SHALL specify the template to be used to construct the base `DN` for the [LDAP] search.
The resulting `DN` SHALL be constructed by replacing all the `{user_name}` and `{bind_dn}` substrings of The resulting `DN` SHALL be constructed by replacing all the `{user_name}`, `{bind_dn}`, and `user_dn` substrings of
the template with the actual user name and bind `DN` during each [LDAP] search. the template with the actual user name and bind `DN` during each [LDAP] search.
#### Attribute Parameter #### Attribute Parameter
@ -1397,7 +1571,7 @@ version: 1.0
section of the `config.xml` that SHALL specify the template used to construct section of the `config.xml` that SHALL specify the template used to construct
the [LDAP filter](https://ldap.com/ldap-filters/) for the search. the [LDAP filter](https://ldap.com/ldap-filters/) for the search.
The resulting filter SHALL be constructed by replacing all `{user_name}`, `{bind_dn}`, and `{base_dn}` substrings The resulting filter SHALL be constructed by replacing all `{user_name}`, `{bind_dn}`, `{base_dn}`, and `{user_dn}` substrings
of the template with the actual user name, bind `DN`, and base `DN` during each the [LDAP] search. of the template with the actual user name, bind `DN`, and base `DN` during each the [LDAP] search.
#### Prefix Parameter #### Prefix Parameter