diff --git a/roles/cloudera_manager/external_auth/templates/external_auth_configs.j2 b/roles/cloudera_manager/external_auth/templates/external_auth_configs.j2
index 18cf21d5..da50dbaf 100644
--- a/roles/cloudera_manager/external_auth/templates/external_auth_configs.j2
+++ b/roles/cloudera_manager/external_auth/templates/external_auth_configs.j2
@@ -14,11 +14,19 @@ LDAP_BIND_DN: {{ auth_provider.ldap_bind_user_dn | default(None) }}
 LDAP_BIND_PW: {{ auth_provider.ldap_bind_password | default(None) }}
 LDAP_DN_PATTERN: {{ auth_provider.ldap_dn_pattern | default(None) }}
 LDAP_GROUP_SEARCH_BASE: {{ auth_provider.ldap_search_base.group | default(None) }}
+{% if auth_provider.ldap_search_filter.group is defined %}
+LDAP_GROUP_SEARCH_FILTER: "{{ auth_provider.ldap_search_filter.group }}"
+{% else %}
 LDAP_GROUP_SEARCH_FILTER: "({{ auth_provider.ldap_attribute.member | default('member') }}={0})"
+{% endif %}
 LDAP_TYPE: {{ auth_provider.type | cloudera.cluster.to_ldap_type_enum | default(None) }}
 LDAP_URL: {{ auth_provider.ldap_url | default(None) }}
 LDAP_USER_SEARCH_BASE: {{ auth_provider.ldap_search_base.user | default(None) }}
+{% if auth_provider.ldap_search_filter.user is defined %}
+LDAP_USER_SEARCH_FILTER: "{{ auth_provider.ldap_search_filter.user }}"
+{% else % }
 LDAP_USER_SEARCH_FILTER: "({{ auth_provider.ldap_attribute.user | default('sAMAccountName') }}={0})"
+{% endif %}
 NT_DOMAIN: {{ auth_provider.domain | default(None) }}
 {% if cloudera_manager_version is version('7.1.0','>=') %}
 FRONTEND_URL: {{ frontend_url | default(None) }}
@@ -26,4 +34,4 @@ PROXYUSER_KNOX_GROUPS: "{{ proxyuser_knox_groups | default('*') }}"
 PROXYUSER_KNOX_USERS: "{{ proxyuser_knox_users | default('*') }}"
 PROXYUSER_KNOX_HOSTS: "{{ proxyuser_knox_hosts | default('*') }}"
 PROXYUSER_KNOX_PRINCIPAL: "{{ proxyuser_knox_principal | default('knox') }}"
-{% endif %}
\ No newline at end of file
+{% endif %}