Author: baedke
Date: Fri Apr 20 15:24:13 2018
New Revision: 1829665
URL: http://svn.apache.org/viewvc?rev=1829665&view=rev
Log:
OAK-7428: LdapIdentityProvider doesn't support creating external ids from
custom attributes
Updated documentation.
Modified:
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md
Modified:
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md?rev=1829665&r1=1829664&r2=1829665&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md
(original)
+++
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md
Fri Apr 20 15:24:13 2018
@@ -74,28 +74,30 @@ Oak repository:
The LDAP IPDs are configured through the
[org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig]
which is populated either via OSGi or during manual [Repository
Construction](../../construct.html).
-| Name | Property | Description
|
-|------------------------------|-------------------------|------------------------------------------|
-| LDAP Provider Name | `provider.name` | Name of this LDAP
provider configuration. This is used to reference this provider by the login
modules. |
-| Bind DN | `bind.dn` | DN of the user for
authentication. Leave empty for anonymous bind. |
-| Bind Password | `bind.password` | Password of the
user for authentication. |
-| LDAP Server Hostname | `host.name` | Hostname of the
LDAP server |
-| Disable certificate checking | `host.noCertCheck` | Indicates if server
certificate validation should be disabled. |
-| LDAP Server Port | `host.port` | Port of the LDAP
server |
-| Use SSL | `host.ssl` | Indicates if an SSL
(LDAPs) connection should be used. |
-| Use TLS | `host.tls` | Indicates if TLS
should be started on connections. |
-| Search Timeout | `searchTimeout` | Time in until a
search times out (eg: '1s' or '1m 30s'). |
-| User base DN | `user.baseDN` | The base DN for
user searches. |
-| User extra filter | `user.extraFilter` | Extra LDAP filter
to use when searching for users. The final filter is formatted like:
`(&(<idAttr>=<userId>)(objectclass=<objectclass>)<extraFilter>)` |
-| User id attribute | `user.idAttribute` | Name of the
attribute that contains the user id. |
-| User DN paths | `user.makeDnPath` | Controls if the DN
should be used for calculating a portion of the intermediate path. |
-| User object classes | `user.objectclass` | The list of object
classes an user entry must contain. |
-| Group base DN | `group.baseDN` | The base DN for
group searches. |
-| Group extra filter | `group.extraFilter` | Extra LDAP filter
to use when searching for groups. The final filter is formatted like:
`(&(<nameAttr>=<groupName>)(objectclass=<objectclass>)<extraFilter>)` |
-| Group DN paths | `group.makeDnPath` | Controls if the DN
should be used for calculating a portion of the intermediate path. |
-| Group member attribute | `group.memberAttribute` | Group attribute
that contains the member(s) of a group. |
-| Group name attribute | `group.nameAttribute` | Name of the
attribute that contains the group name. |
-| Group object classes | `group.objectclass` | The list of object
classes a group entry must contain. |
+| Name | Property | Description
|
+|-------------------------------|-------------------------|------------------------------------------|
+| LDAP Provider Name | `provider.name` | Name of this LDAP
provider configuration. This is used to reference this provider by the login
modules. |
+| Bind DN | `bind.dn` | DN of the user for
authentication. Leave empty for anonymous bind. |
+| Bind Password | `bind.password` | Password of the
user for authentication. |
+| LDAP Server Hostname | `host.name` | Hostname of the
LDAP server |
+| Disable certificate checking | `host.noCertCheck` | Indicates if
server certificate validation should be disabled. |
+| LDAP Server Port | `host.port` | Port of the LDAP
server |
+| Use SSL | `host.ssl` | Indicates if an
SSL (LDAPs) connection should be used. |
+| Use TLS | `host.tls` | Indicates if TLS
should be started on connections. |
+| Search Timeout | `searchTimeout` | Time in until a
search times out (eg: '1s' or '1m 30s'). |
+| User base DN | `user.baseDN` | The base DN for
user searches. |
+| User extra filter | `user.extraFilter` | Extra LDAP filter
to use when searching for users. The final filter is formatted like:
`(&(<idAttr>=<userId>)(objectclass=<objectclass>)<extraFilter>)` |
+| User id attribute | `user.idAttribute` | Name of the
attribute that contains the user id. |
+| User DN paths | `user.makeDnPath` | Controls if the DN
should be used for calculating a portion of the intermediate path. |
+| User object classes | `user.objectclass` | The list of object
classes an user entry must contain. |
+| Group base DN | `group.baseDN` | The base DN for
group searches. |
+| Group extra filter | `group.extraFilter` | Extra LDAP filter
to use when searching for groups. The final filter is formatted like:
`(&(<nameAttr>=<groupName>)(objectclass=<objectclass>)<extraFilter>)` |
+| Group DN paths | `group.makeDnPath` | Controls if the DN
should be used for calculating a portion of the intermediate path. |
+| Group member attribute | `group.memberAttribute` | Group attribute
that contains the member(s) of a group. |
+| Group name attribute | `group.nameAttribute` | Name of the
attribute that contains the group name. |
+| Group object classes | `group.objectclass` | The list of object
classes a group entry must contain. |
+| External identifier attribute | `extIdAttribute` | The attribute that
is used to create external identifiers. Leave empty to use the DN. |
+| Custom Attributes | `customattributes` | Attributes
retrieved when looking up LDAP entries. Leave empty to retrieve all attributes.
|
| | | |
#### SyncHandler and External Login Module
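Review bot: The two rows added at the end of the table, `extIdAttribute` and `customattributes`, do not say how they interact or what the identifier attribute must satisfy. If `customattributes` is set to a non-empty list that omits the attribute named in `extIdAttribute`, the descriptions do not tell the reader whether that attribute is still retrieved or has to be listed explicitly; please state this in one of the two rows. The `extIdAttribute` description should also say whether it applies to users, groups or both (the other attribute properties in the table, such as `user.idAttribute` and `group.nameAttribute`, carry a `user.` or `group.` prefix), and that the chosen attribute should be unique and stable per entry, since it takes the place of the DN as the external identifier. Separately, the whole table is rewritten only to widen the first column, which buries the two-row change in the diff and carries over the existing wording slips "Time in until a search times out" and "an user entry"; consider fixing those while the rows are being touched.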