Create new LdapRealm based on Apache Knox LdapRealm Class

In our environment we attempted to use the ActiveDirectoryGroupRealm and the LdapGroupRealm but unfortunately those implementations against Shiro do not support ADLDAP Global Catalog. Also searching on "userPrincipalName" is risky in an AD environment since the explicit UPN vs Implicit UPN can be different. And the LDAP userPrincipalName attribute is the explicit UPN which can be defined by the directory administrator to any value and it can be duplicated.. SamAccountName is unique per domain and Microsoft states best practice is to not allow duplicate samAccountName's per the forest. I have attached a semi-working modified KnoxLdapRealm which works against samAccountName and global catalog for auth.

http://windowsitpro.com/active-directory/q-does-samaccountname-object-have-be-unique-active-directory-domain-or-entire-fores

https://jorgequestforknowledge.wordpress.com/2010/10/12/user-principal-names-in-ad-part-1/