From a419d8b18caf94281e500d28f3ae83ca315dcd50 Mon Sep 17 00:00:00 2001
From: Kirk <kirk@920special.com>
Date: Wed, 23 Dec 2015 15:00:22 -0800
Subject: [PATCH] Add username as an option for SearchFilter

Currently, search filter substitutions are limited only to the bindPrincipal (username@domain).
'username' value will be substituted with {1}
---
 .../ad/ActiveDirectoryLdapAuthenticationProvider.java           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
index 1d74992b289..ea87aac8c63 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
@@ -309,7 +309,7 @@ private DirContextOperations searchForUser(DirContext context, String username)
 		try {
 			return SpringSecurityLdapTemplate.searchForSingleEntryInternal(context,
 					searchControls, searchRoot, searchFilter,
-					new Object[] { bindPrincipal });
+					new Object[] { bindPrincipal, username });
 		}
 		catch (IncorrectResultSizeDataAccessException incorrectResults) {
 			// Search should never return multiple results if properly configured - just