When LDAP authorisation is used with Kerberos, the user name queried in LDAP directory for authorisation has to match Kerberos username. But Kerberos authenticated username is usually like Dekhopc@MYDOMAIN.COM.AU (i.e., format of an email address). In LDAP directory the username of this same user could be just ‘Dekhopc’. So Dekho uses a regx pattern to extract the ‘Dekhopc’ component form the Kerberos authenticated username in order to query in the LDAP directory. If the Kerberos authenticated username is of a different format, it might be necessary to alter the regx pattern to extract the username to query in LDAP.