(Optional) Modifying the LDAP Query Parameter of the Kerberos Method

You can modify the LDAP query parameter of the Kerberos method by using the SearchQuery property. For example, to use the SearchQuery property for email addresses, perform the following steps:

  1. Navigate to Identity Servers > Edit > Local > Methods.

  2. Click the Kerberos method.

  3. Click Properties > New.

  4. Specify the following details:

    Property Name: SearchQuery

    Property Value: Specify one of the following parameters:

    • (&(objectclass=person)(mail=%Email%))

    • (&(objectclass=person)(givenName=%<Kerberos Realm>%))

      NOTE: Assume that the UPN suffix is configured as AMTEST.COM and the Active Directory givenName is configured as user191. The LDAP search query will then be (&(objectclass=person)(givenName=user191@AMTEST.COM)).

    • (&(objectclass=person)(name=%Ecom_User_ID%))

    • (&(objectclass=person)(CN=%Ecom_User_ID%))
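
To preview the filter a SearchQuery value produces before saving it, the following added example (not product code) expands the %Name% tokens as in the NOTE above and escapes each value per RFC 4515. The function names, the handling of `<Kerberos Realm>` as a literal token name, and all sample values other than user191 and AMTEST.COM are assumptions; this page does not state how the Identity Server itself substitutes or escapes values.

```python
import re

# RFC 4515: these characters must be written as \XX inside a filter value,
# otherwise they alter the filter's structure or act as a wildcard.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_PLACEHOLDER = re.compile(r"%([^%]+)%")


def escape_filter_value(value):
    """Escape one value so the directory matches it literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def placeholders(template):
    """List the token names a SearchQuery template expects, in order."""
    return _PLACEHOLDER.findall(template)


def expand_search_query(template, values):
    """Replace each %Name% token in a SearchQuery template with its value.

    A token without a value raises KeyError, so a misspelled placeholder is
    caught here rather than sent to the directory as literal text.
    """
    def substitute(match):
        name = match.group(1)
        if name not in values:
            raise KeyError("no value for placeholder %" + name + "%")
        return escape_filter_value(values[name])
    return _PLACEHOLDER.sub(substitute, template)


if __name__ == "__main__":
    # Constructed sample values; only user191 and AMTEST.COM come from the page.
    samples = [
        ("(&(objectclass=person)(mail=%Email%))",
         {"Email": "user191@amtest.example"}),
        ("(&(objectclass=person)(givenName=%<Kerberos Realm>%))",
         {"<Kerberos Realm>": "user191@AMTEST.COM"}),
        # A CN containing parentheses must be escaped to stay one value.
        ("(&(objectclass=person)(CN=%Ecom_User_ID%))",
         {"Ecom_User_ID": "Smith (Contractor)"}),
    ]
    for template, values in samples:
        print(placeholders(template), "->", expand_search_query(template, values))
```

The expanded filter can then be run against the user store with any LDAP client to confirm that it returns exactly one entry for the test account.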