Commit 7ea51801 authored by CI Runner's avatar CI Runner
Browse files

Ad warnings for LDAP multi-value fields (v24 only)

parent 840d9bc5
......@@ -94,7 +94,7 @@ If this key is not set, or null, then the DN of the LDAP entry is used.
|---|---|
| userbase | Specifies the subtree in the directory where user information is stored |
| usersearch | The actual LDAP query that Search Guard executes when trying to authenticate a user. The variable {0} is substituted with the username.|
| username_attribute | Search Guard uses this attribute of the directory entry to look for the user name. If set to null, the DN is used (default). |
| username_attribute | Search Guard uses this attribute of the directory entry to look for the user name. If set to null, the DN is used (default). If this references a multi-value field it is undefined which value will be used. It's therefore not recommended to set it to a multi-value field.|
### Complete authentication example
......
......@@ -207,9 +207,9 @@ For more details refer to https://technet.microsoft.com/en-us/library/cc978012.a
|---|---|
| rolebase | Specifies the subtree in the directory where role/group information is stored. |
| rolesearch | The actual LDAP query that Search Guard executes when trying to determine the roles of a user. You can use three variables here (see below).|
| userroleattribute | The attribute in a user entry to use for `{2}` variable substitution. |
| userrolename | If the roles/groups of a user are not stored in the groups subtree, but as an attribute of the user's directory entry, define this attribute name here. |
| rolename | The attribute of the role entry which should be used as role name. |
| userroleattribute | The attribute in a user entry to use for `{2}` variable substitution. If this references a multi-value field it is undefined which value will be used. It's therefore not recommended to set it to a multi-value field.|
| userrolename | If the roles/groups of a user are not stored in the groups subtree, but as an attribute of the user's directory entry, define this attribute name here. If this references a multi-value field it is undefined which value will be used. It's therefore not recommended to set it to a multi-value field.|
| rolename | The attribute of the role entry which should be used as role name. If this references a multi-value field it is undefined which value will be used. It's therefore not recommended to set it to a multi-value field.|
| resolve\_nested\_roles | Boolean, whether or not to resolve nested roles transitively (roles which are members of other roles and so on ...), default: false. |
| skip_users | Array of users that should be skipped when retrieving roles. Wildcards and regular expressions are supported. |
| nested\_role\_filter | Array of role DNs that should be filtered before resolving nested roles. Wildcards and regular expressions are supported. |
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment