[23/50] [abbrv] incubator-kylin git commit: Add introduction for LDAP authentication

[lu...@apache.org]

Add introduction for LDAP authentication


Project: http://git-wip-us.apache.org/repos/asf/incubator-kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-kylin/commit/a099d8cd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-kylin/tree/a099d8cd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-kylin/diff/a099d8cd

Branch: refs/heads/0.7
Commit: a099d8cdfc5e3f40c449fc6cd305aff09fa8e895
Parents: 1e8cd38
Author: shaofengshi <sh...@apache.org>
Authored: Fri Aug 28 11:32:46 2015 +0800
Committer: Luke Han <lu...@apache.org>
Committed: Sun Sep 6 14:37:58 2015 +0800

----------------------------------------------------------------------
 website/_docs/install/advance_settings.md | 29 ++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-kylin/blob/a099d8cd/website/_docs/install/advance_settings.md
----------------------------------------------------------------------
diff --git a/website/_docs/install/advance_settings.md b/website/_docs/install/advance_settings.md
index e9f2a7a..17288f0 100644
--- a/website/_docs/install/advance_settings.md
+++ b/website/_docs/install/advance_settings.md
@@ -35,3 +35,32 @@ You'll need to stop Kylin first by running `./kylin.sh stop`, and then modify $K
 After this, you need to run `./kylin.sh start` to start Kylin again. Now Kylin will use LZO to compress MR outputs and hbase tables.
 
 
+## Enable LDAP authentication
+
+Kylin supports LDAP authentication for enterprise or production deployment; This is implemented based on Spring Security framework; Before enable LDAP, please contact your LDAP administrator to get necessary information, like LDAP server URL, username/password, search patterns, etc;
+
+## Configure LDAP properties conf/kylin.properties
+
+Firstly, provide your LDAP URL, and username/password if the LDAP server is secured;
+
+```
+ldap.server=ldap://<your_ldap_host>:<port>
+ldap.username=<your_user_name>
+ldap.password=<your_password>
+```
+
+Secondly, provide the user search patterns, this is by your LDAP design, here is just a sample:
+
+
+```
+ldap.user.searchBase=OU=UserAccounts,DC=mycompany,DC=com
+ldap.user.searchPattern=(&(AccountName={0})(memberOf=CN=MYCOMPANY-USERS,DC=mycompany,DC=com))
+ldap.user.groupSearchBase=OU=Group,DC=mycompany,DC=com
+```
+
+If you have service accounts (e.g, for system integration) which also need be authenticated, you can configure them in ldap.service.*; If not, leave them be empty; 
+
+
+### Enable LDAP mode
+
+Set "kylin.sandbox=true" in conf/kylin.properties, then restart Kylin server; In the Login page, use a LDAP account name/password to login.
\ No newline at end of file