Posted to oak-commits@jackrabbit.apache.org by ba...@apache.org on 2018/04/20 15:24:13 UTC

svn commit: r1829665 - /jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md

Author: baedke
Date: Fri Apr 20 15:24:13 2018
New Revision: 1829665

URL: http://svn.apache.org/viewvc?rev=1829665&view=rev
Log:
OAK-7428: LdapIdentityProvider doesn't support creating external ids from custom attributes

Updated documentation.

Modified:
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md?rev=1829665&r1=1829664&r2=1829665&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md Fri Apr 20 15:24:13 2018
@@ -74,28 +74,30 @@ Oak repository:
 The LDAP IPDs are configured through the [org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig]
 which is populated either via OSGi or during manual [Repository Construction](../../construct.html).
 
-| Name                         | Property                | Description                              |
-|------------------------------|-------------------------|------------------------------------------|
-| LDAP Provider Name           | `provider.name`         | Name of this LDAP provider configuration. This is used to reference this provider by the login modules. |
-| Bind DN                      | `bind.dn`               | DN of the user for authentication. Leave empty for anonymous bind. |
-| Bind Password                | `bind.password`         | Password of the user for authentication. |
-| LDAP Server Hostname         | `host.name`             | Hostname of the LDAP server              |
-| Disable certificate checking | `host.noCertCheck`      | Indicates if server certificate validation should be disabled. |
-| LDAP Server Port             | `host.port`             | Port of the LDAP server                  |
-| Use SSL                      | `host.ssl`              | Indicates if an SSL (LDAPs) connection should be used. |
-| Use TLS                      | `host.tls`              | Indicates if TLS should be started on connections. |
-| Search Timeout               | `searchTimeout`         | Time in until a search times out (eg: '1s' or '1m 30s'). |
-| User base DN                 | `user.baseDN`           | The base DN for user searches.           |
-| User extra filter            | `user.extraFilter`      | Extra LDAP filter to use when searching for users. The final filter is formatted like: `(&(<idAttr>=<userId>)(objectclass=<objectclass>)<extraFilter>)` |
-| User id attribute            | `user.idAttribute`      | Name of the attribute that contains the user id. |
-| User DN paths                | `user.makeDnPath`       | Controls if the DN should be used for calculating a portion of the intermediate path. |
-| User object classes          | `user.objectclass`      | The list of object classes an user entry must contain. |
-| Group base DN                | `group.baseDN`          | The base DN for group searches.          |
-| Group extra filter           | `group.extraFilter`     | Extra LDAP filter to use when searching for groups. The final filter is formatted like: `(&(<nameAttr>=<groupName>)(objectclass=<objectclass>)<extraFilter>)` |
-| Group DN paths               | `group.makeDnPath`      | Controls if the DN should be used for calculating a portion of the intermediate path. |
-| Group member attribute       | `group.memberAttribute` | Group attribute that contains the member(s) of a group. |
-| Group name attribute         | `group.nameAttribute`   | Name of the attribute that contains the group name. |
-| Group object classes         | `group.objectclass`     | The list of object classes a group entry must contain. |
+| Name                          | Property                | Description                              |
+|-------------------------------|-------------------------|------------------------------------------|
+| LDAP Provider Name            | `provider.name`         | Name of this LDAP provider configuration. This is used to reference this provider by the login modules. |
+| Bind DN                       | `bind.dn`               | DN of the user for authentication. Leave empty for anonymous bind. |
+| Bind Password                 | `bind.password`         | Password of the user for authentication. |
+| LDAP Server Hostname          | `host.name`             | Hostname of the LDAP server              |
+| Disable certificate checking  | `host.noCertCheck`      | Indicates if server certificate validation should be disabled. |
+| LDAP Server Port              | `host.port`             | Port of the LDAP server                  |
+| Use SSL                       | `host.ssl`              | Indicates if an SSL (LDAPs) connection should be used. |
+| Use TLS                       | `host.tls`              | Indicates if TLS should be started on connections. |
+| Search Timeout                | `searchTimeout`         | Time in until a search times out (eg: '1s' or '1m 30s'). |
+| User base DN                  | `user.baseDN`           | The base DN for user searches.           |
+| User extra filter             | `user.extraFilter`      | Extra LDAP filter to use when searching for users. The final filter is formatted like: `(&(<idAttr>=<userId>)(objectclass=<objectclass>)<extraFilter>)` |
+| User id attribute             | `user.idAttribute`      | Name of the attribute that contains the user id. |
+| User DN paths                 | `user.makeDnPath`       | Controls if the DN should be used for calculating a portion of the intermediate path. |
+| User object classes           | `user.objectclass`      | The list of object classes an user entry must contain. |
+| Group base DN                 | `group.baseDN`          | The base DN for group searches.          |
+| Group extra filter            | `group.extraFilter`     | Extra LDAP filter to use when searching for groups. The final filter is formatted like: `(&(<nameAttr>=<groupName>)(objectclass=<objectclass>)<extraFilter>)` |
+| Group DN paths                | `group.makeDnPath`      | Controls if the DN should be used for calculating a portion of the intermediate path. |
+| Group member attribute        | `group.memberAttribute` | Group attribute that contains the member(s) of a group. |
+| Group name attribute          | `group.nameAttribute`   | Name of the attribute that contains the group name. |
+| Group object classes          | `group.objectclass`     | The list of object classes a group entry must contain. |
+| External identifier attribute | `extIdAttribute`        | The attribute that is used to create external identifiers. Leave empty to use the DN. |
+| Custom Attributes             | `customattributes`      | Attributes retrieved when looking up LDAP entries. Leave empty to retrieve all attributes. |
 | | | |
 
 #### SyncHandler and External Login Module
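
Review bot: The new `customattributes` row at the end of the table does not say how it interacts with `extIdAttribute` and the other attribute settings (`user.idAttribute`, `group.nameAttribute`, `group.memberAttribute`). When the list is non-empty, the reader cannot tell whether those attributes are retrieved automatically or have to be listed explicitly, and the row does not give the expected value format (single string, comma-separated, multi-value). Please state both. For `extIdAttribute`, the description should also say what happens when an entry lacks the configured attribute, and note that the attribute should be unique and stable per entry, since it takes the place of the DN as the external identifier. Minor: the two new keys are not namespaced or cased like the existing ones (`user.idAttribute` versus `customattributes`), so it is worth confirming they match the real configuration keys. Re-padding the first column rewrites every row for a two-row addition, and since the `searchTimeout` row is being touched anyway, "Time in until a search times out" could be corrected in the same change.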