You can imagine the search path (“Base de búsqueda de usuarios”) as a file directory spelled backwards and the leaf (the first component) as a regular file. For example, if your user
firstname.lastname@example.org is at:
CN=Mike Wasowsky,OU=Usuarios,OU=Monster Assistance,OU=Energy,DC=monstersinc,DC=com
Then you can find the leaf (
CN=Mike Wasowsky) by searching in any of these paths:
DC=monstersinc,DC=com (that's as far as it will go, since this is the route)
Searches in any of those paths will find the user whose
mike. You need to leave out the first element (
CN=Mike Wasowsky) as it is your user, and no leaf will be find below it with
sAMAccountName = mike
The shorter the path specification, the longer the search will take (and it will perhaps bring up nodes that you don’t want to find).
Is the condition your leaf must pass in order to be found. Perhaps the whole
memberOf=... is not needed since you can provide the path in the search path (“DN de usuario”).
Lastly, “DN de usuario” is your LDAP account to validate the user:
Here’s a guide (in French) that you can pass through Google Translate and have a pretty good idea of how to configure this.
EDIT: I mixed up the field names; corrected.