Update with new default values

Margo Crawford 2021-08-19 16:27:43 -07:00
parent a6dc5b912f
commit cec3c2133a
2 changed files with 5 additions and 5 deletions

@ -117,7 +117,7 @@ spec:
# Specifies the name of the attribute in the LDAP entry whose # Specifies the name of the attribute in the LDAP entry whose
# value shall be used to uniquely identify the user within this # value shall be used to uniquely identify the user within this
# LDAP provider after a successful authentication. # LDAP provider after a successful authentication.
uid: "objectSid" uid: "objectGUID"
# Specify how to search for the group membership of an end-user during login. # Specify how to search for the group membership of an end-user during login.
groupSearch: groupSearch:
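Review bot: on the changed `uid:` line, the comment block above it does not say that `objectGUID` is also the value the documentation in this same commit lists as the default for `spec.userSearch.attributes.uid`, so a reader of the example cannot tell whether the line is required or only illustrative. Consider adding a comment line that says the value shown is the default. Since the comment describes this value as what uniquely identifies the user after authentication, it is also worth noting that moving from `objectSid` to `objectGUID` changes that identifier for anyone who copied the earlier example.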

@ -20,7 +20,7 @@ menu:
### `spec.userSearch.attributes.username` ### `spec.userSearch.attributes.username`
*Default Behavior*: The `samAccountName` attribute will become the user's Kubernetes username. *Default Behavior*: The `userPrincipalName` attribute will become the user's Kubernetes username.
### `spec.userSearch.attributes.uid` ### `spec.userSearch.attributes.uid`
*Default Behavior*: The `objectGUID` attribute will be used to uniquely identify users. *Default Behavior*: The `objectGUID` attribute will be used to uniquely identify users.
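Review bot: the `spec.userSearch.attributes.username` entry changes which attribute becomes the Kubernetes username but carries no *Implications* line, unlike `spec.groupSearch.base` further down the page. Usernames that used to be the `samAccountName` value will now be the `userPrincipalName` value, so role bindings and audit queries keyed on the old form will stop matching. Suggest adding an *Implications* line that says so and that the field can be set explicitly to keep the previous behaviour.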
@ -28,14 +28,14 @@ menu:
### `spec.userSearch.filter` ### `spec.userSearch.filter`
*Default Behavior*: *Default Behavior*:
``` ```
"(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={})(mail={}))(sAMAccountType=805306368))" "(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={})(mail={})(userPrincipalName={}))(sAMAccountType=805306368))"
``` ```
Requires the following of the Active Directory entry of the user specified: Requires the following of the Active Directory entry of the user specified:
* is a person. * is a person.
* is not a computer. * is not a computer.
* is not shown in advanced view only (which would likely mean its a system created service account with advanced permissions). * is not shown in advanced view only (which would likely mean its a system created service account with advanced permissions).
* either the `sAMAccountName` or the `mail` attribute matches the input username. * either the `sAMAccountName`, the `userPrincipalName`, or the `mail` attribute matches the input username.
* the `sAMAccountType` is for a normal user account. * the `sAMAccountType` is for a normal user account.
### `spec.groupSearch.base` ### `spec.groupSearch.base`
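Review bot: in the `spec.userSearch.filter` default, the OR clause now compares the input against three attributes (`sAMAccountName`, `mail`, `userPrincipalName`), and the bullet list does not say what happens when one input string matches more than one entry, for example one account's `mail` equal to another account's `userPrincipalName`. Please document the multiple-match outcome next to the updated bullet. It would also help to state that whichever attribute matched, the resulting username is still the one named under `spec.userSearch.attributes.username`.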
@ -45,7 +45,7 @@ Requires the following of the Active Directory entry of the user specified:
*Implications*: Searches your entire domain for groups. It may make sense to specify a subtree as a search base if you wish to exclude some groups for security reasons or to make searches faster. *Implications*: Searches your entire domain for groups. It may make sense to specify a subtree as a search base if you wish to exclude some groups for security reasons or to make searches faster.
### `spec.groupSearch.attributes.groupName` ### `spec.groupSearch.attributes.groupName`
*Default Behavior*: The `sAMAccountName` attributes of the groups will become their groups in Kubernetes. *Default Behavior*: The attribute that will become the user's groups in Kubernetes will look like `sAMAccountName@domain` (where domain is constructed from the domain components of the group).
### `spec.groupSearch.filter` ### `spec.groupSearch.filter`
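Review bot: the new `spec.groupSearch.attributes.groupName` text calls `sAMAccountName@domain` an attribute, but as described it is a value built from `sAMAccountName` plus the group's domain components, and the sentence does not show how those components are joined. Suggest rewording to say the group name is constructed, and giving one sample group DN with the name it produces. As with the username change, group names that were plain `sAMAccountName` values now carry an `@domain` suffix, so bindings written against the old names need updating; an *Implications* line would cover that.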