symfony
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php
Lines changed: 6 additions & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php
Lines changed: 6 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
Lines changed: 25 additions & 1 deletion b/‎src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
Lines changed: 25 additions & 1 deletion
@@ -27,7 +27,7 @@ class FormLoginLdapFactory extends FormLoginFactory
     protected function createAuthProvider(ContainerBuilder $container, $id, $config, $userProviderId)
         $provider = 'security.authentication.provider.ldap_bind.'.$id;
-        $container
+        $definition = $container
             ->setDefinition($provider, new ChildDefinition('security.authentication.provider.ldap_bind'))
             ->replaceArgument(0, new Reference($userProviderId))
             ->replaceArgument(1, new Reference('security.user_checker.'.$id))
@@ -36,6 +36,10 @@ protected function createAuthProvider(ContainerBuilder $container, $id, $config,
             ->replaceArgument(4, $config['dn_string'])
         ;
 
+        if (!empty($config['query_string'])) {
+            $definition->addMethodCall('setQueryString', array($config['query_string']));
+        }
+
         return $provider;
     }
 
@@ -47,6 +51,7 @@ public function addConfiguration(NodeDefinition $node)
             ->children()
                 ->scalarNode('service')->defaultValue('ldap')->end()
                 ->scalarNode('dn_string')->defaultValue('{username}')->end()
+                ->scalarNode('query_string')->end()
             ->end()
         ;
     }
 
@@ -33,6 +33,7 @@ class LdapBindAuthenticationProvider extends UserAuthenticationProvider
     private $userProvider;
     private $ldap;
     private $dnString;
+    private $queryString;
 
     /**
      * Constructor.
@@ -53,6 +54,16 @@ public function __construct(UserProviderInterface $userProvider, UserCheckerInte
         $this->dnString = $dnString;
     }
 
+    /**
+     * Set a query string to use in order to find a DN for the username.
+     *
+     * @param string $queryString
+     */
+    public function setQueryString($queryString)
+    {
+        $this->queryString = $queryString;
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -79,7 +90,20 @@ protected function checkAuthentication(UserInterface $user, UsernamePasswordToke
 
         try {
             $username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_DN);
-            $dn = str_replace('{username}', $username, $this->dnString);
+
+            if ($this->queryString) {
+                $query = str_replace('{username}', $username, $this->queryString);
+
+                $query = $this->ldap->query($this->dnString, $query);
+                $result = $query->execute();
+                if (1 !== $result->count()) {
+                    throw new BadCredentialsException('The presented username is invalid.');
+                }
+
+                $dn = $result[0]->getDn();
+            } else {
+                $dn = str_replace('{username}', $username, $this->dnString);
+            }
 
             $this->ldap->bind($dn, $password);
         } catch (ConnectionException $e) {
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ class FormLoginLdapFactory extends FormLoginFactory`
`27`	`27`	`protected function createAuthProvider(ContainerBuilder $container, $id, $config, $userProviderId)`
`28`	`28`	`{`
`29`	`29`	`$provider = 'security.authentication.provider.ldap_bind.'.$id;`
`30`		`- $container`
	`30`	`+ $definition = $container`
`31`	`31`	`->setDefinition($provider, new ChildDefinition('security.authentication.provider.ldap_bind'))`
`32`	`32`	`->replaceArgument(0, new Reference($userProviderId))`
`33`	`33`	`->replaceArgument(1, new Reference('security.user_checker.'.$id))`
`@@ -36,6 +36,10 @@ protected function createAuthProvider(ContainerBuilder $container, $id, $config,`
`36`	`36`	`->replaceArgument(4, $config['dn_string'])`
`37`	`37`	`;`
`38`	`38`
	`39`	`+ if (!empty($config['query_string'])) {`
	`40`	`+ $definition->addMethodCall('setQueryString', array($config['query_string']));`
	`41`	`+ }`
	`42`	`+`
`39`	`43`	`return $provider;`
`40`	`44`	`}`
`41`	`45`
`@@ -47,6 +51,7 @@ public function addConfiguration(NodeDefinition $node)`
`47`	`51`	`->children()`
`48`	`52`	`->scalarNode('service')->defaultValue('ldap')->end()`
`49`	`53`	`->scalarNode('dn_string')->defaultValue('{username}')->end()`
	`54`	`+ ->scalarNode('query_string')->end()`
`50`	`55`	`->end()`
`51`	`56`	`;`
`52`	`57`	`}`