Simple XML
CN
1. Admin user
Depends on your LDAP server settings. Some LDAP servers don't allow anonymous query, so you need an admin account to filter and retrieve the user information.
2. Parent directory DN
It can be empty, so authentication provider will search the whole directory server to find a fit user and it will take more time. If you specify the parent directory DN it will only search under this directory.
Please reference
Spring security LDAP configuration - Bind approach as well.