From 247cadea56418b4ff3394b683bc7df38fdce9b38 Mon Sep 17 00:00:00 2001 From: ahardin-rh Date: Thu, 20 Jul 2017 13:21:10 -0400 Subject: [PATCH] Bug 1254061, added note on whitelisting users --- install_config/configuring_authentication.adoc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/install_config/configuring_authentication.adoc b/install_config/configuring_authentication.adoc index d07628de1119..43be79a682ae 100644 --- a/install_config/configuring_authentication.adoc +++ b/install_config/configuring_authentication.adoc @@ -479,11 +479,9 @@ to create a search filter that looks like: For example, consider a URL of: -==== ---- ldap://ldap.example.com/o=Acme?cn?sub?(enabled=true) ---- -==== When a client attempts to connect using a user name of `bob`, the resulting search filter will be `(&(enabled=true)(cn=bob))`. @@ -494,7 +492,6 @@ If the LDAP directory requires authentication to search, specify a `bindDN` and [[ldap-example-config]] .Master Configuration Using *LDAPPasswordIdentityProvider* -==== ---- oauthConfig: ... @@ -550,6 +547,12 @@ configured URL. If empty, system trusted roots are used. Only applies if `ldaps://` URLs connect using TLS, and `ldap://` URLs are upgraded to TLS. <13> An RFC 2255 URL which specifies the LDAP host and search parameters to use, xref:ldap-url[as described above]. + +[NOTE] +==== +To whitelist users for an LDAP integration, use the `lookup` mapping method. +Before a login from LDAP would be allowed, a cluster administrator must create +an identity and user object for each LDAP user. ==== [[BasicAuthPasswordIdentityProvider]]
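Review bot: The commit message does not cover the first hunk (@@ -479,11 +479,9), where the `====` delimiters around the `ldap://ldap.example.com/o=Acme?cn?sub?(enabled=true)` listing are dropped. The subject only says "added note on whitelisting users". Either mention the example-block cleanup in the commit message or move it to its own commit, so the markup change is not lost when someone later searches the history for the note.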
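Review bot: The opening `====` removed in the second hunk (@@ -494,7 +492,6) is not paired with a removal of its closing delimiter. The file stays balanced only because the third hunk reuses the existing `====` context line as the close of the new `[NOTE]`. A side effect is that the callout explanations, including `<13>`, are no longer inside the example block titled `.Master Configuration Using *LDAPPasswordIdentityProvider*`. Please check a rendered build to confirm that the title still attaches to the `----` listing and that the callout list displays as intended, and note the dependency between the two hunks in the commit message.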
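Review bot: The NOTE added in the third hunk (@@ -550,6 +547,12) states two requirements without pointing to where either is documented: using the `lookup` mapping method, and having a cluster administrator create an identity and user object for each LDAP user. Add xrefs for both, in the style of `xref:ldap-url[as described above]` on the line just before the note, so a reader can act on it from this section. The clause "Before a login from LDAP would be allowed" would also read more clearly as "Before an LDAP user can log in".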