suneet-s commented on a change in pull request #11606:
URL: https://github.com/apache/druid/pull/11606#discussion_r705824174
##########
File path: docs/development/extensions-core/druid-basic-security.md
##########
@@ -181,6 +182,7 @@ The authorizer configuration examples in the rest of this
document will use "MyB
|`druid.auth.authorizer.MyBasicLDAPAuthorizer.initialAdminGroupMapping`|The
initial admin group mapping with role defined in initialAdminRole property if
specified, otherwise the default admin role will be assigned. The name of this
initial admin group mapping will be set to adminGroupMapping|null|No|
|`druid.auth.authorizer.MyBasicLDAPAuthorizer.roleProvider.type`|The type of
role provider (ldap) to authorize requests credentials.|metadata|No
|`druid.auth.authorizer.MyBasicLDAPAuthorizer.roleProvider.groupFilters`|Array
of LDAP group filters used to filter out the allowed set of groups returned
from LDAP search. Filters can be begin with *, or end with ,* to provide
configurational flexibility to limit or filter allowed set of groups available
to LDAP Authorizer.|null|No|
+|`druid.auth.authorizer.MyBasicLDAPAuthorizer.roleProvider.ldapGroupAttribute`|The
attribute id identifying the attribute used for LDAP groups by LDAP server. It
should be same as
druid.auth.authenticator.<ldap-authenticator-name>.ldapGroupAttribute|memberOf|No|
Review comment:
> It should be same as
druid.auth.authenticator.<ldap-authenticator-name>.ldapGroupAttribute
Can we enforce this in the code to prevent someone setting this incorrectly?
What happens if they are different?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
