Add docs for UserAttributeForFilter group search setting

2023-05-31 13:01:17 -07:00 · 2023-05-31 13:01:17 -07:00 · d0048595da
commit d0048595da
parent 46178e91ee
3 changed files with 30 additions and 3 deletions
--- a/site/content/docs/howto/configure-supervisor-with-activedirectory.md
+++ b/site/content/docs/howto/configure-supervisor-with-activedirectory.md
@ -131,9 +131,18 @@ spec:

    # Specify the search filter which should be applied when searching for
    # groups for a user. "{}" will be replaced by the dn (distinguished
-    # name) of the user entry found as a result of the user search.
+    # name) of the user entry found as a result of the user search, or by
+    # the attribute specified by userAttributeForFilter below.
    filter: "&(objectClass=group)(member={})"

+    # Specify what user attribute should be used to replace the "{}"
+    # placeholder in the group search filter. This defaults to "dn".
+    # For example, if you wanted to instead use posixGroups, you
+    # would set the group search filter to
+    # "&(objectClass=posixGroup)(memberUid={})" and set the
+    # userAttributeForFilter to "uid".
+    userAttributeForFilter: "dn"
+
    # Specify which fields from each group entry should be used upon
    # successful login.
    attributes:
--- a/site/content/docs/howto/configure-supervisor-with-jumpcloudldap.md
+++ b/site/content/docs/howto/configure-supervisor-with-jumpcloudldap.md
@ -101,9 +101,18 @@ spec:

    # Specify the search filter which should be applied when searching for
    # groups for a user. "{}" will be replaced by the dn (distinguished
-    # name) of the user entry found as a result of the user search.
+    # name) of the user entry found as a result of the user search, or by
+    # the attribute specified by userAttributeForFilter below.
    filter: "&(objectClass=groupOfNames)(member={})"

+    # Specify what user attribute should be used to replace the "{}"
+    # placeholder in the group search filter. This defaults to "dn".
+    # For example, if you wanted to instead use posixGroups, you
+    # would set the group search filter to
+    # "&(objectClass=posixGroup)(memberUid={})" and set the
+    # userAttributeForFilter to "uid".
+    userAttributeForFilter: "dn"
+
    # Specify which fields from each group entry should be used upon
    # successful login.
    attributes:
--- a/site/content/docs/howto/configure-supervisor-with-openldap.md
+++ b/site/content/docs/howto/configure-supervisor-with-openldap.md
@ -247,9 +247,18 @@ spec:

    # Specify the search filter which should be applied when searching for
    # groups for a user. "{}" will be replaced by the dn (distinguished
-    # name) of the user entry found as a result of the user search.
+    # name) of the user entry found as a result of the user search, or by
+    # the attribute specified by userAttributeForFilter below.
    filter: "&(objectClass=groupOfNames)(member={})"

+    # Specify what user attribute should be used to replace the "{}"
+    # placeholder in the group search filter. This defaults to "dn".
+    # For example, if you wanted to instead use posixGroups, you
+    # would set the group search filter to
+    # "&(objectClass=posixGroup)(memberUid={})" and set the
+    # userAttributeForFilter to "uid".
+    userAttributeForFilter: "dn"
+
    # Specify which fields from each group entry should be used upon
    # successful login.
    attributes: