knox-commits mailing list archives

From kmin...@apache.org
Subject svn commit: r1735445 - in /knox: site/books/knox-0-9-0/user-guide.html site/index.html site/issue-tracking.html site/license.html site/mail-lists.html site/project-info.html site/team-list.html trunk/books/0.9.0/config_advanced_ldap.md
Date Thu, 17 Mar 2016 15:41:04 GMT
Author: kminder
Date: Thu Mar 17 15:41:03 2016
New Revision: 1735445

URL: http://svn.apache.org/viewvc?rev=1735445&view=rev
Log:
[KNOX-694] - Enhance LDAP user search configurability

Modified:
    knox/site/books/knox-0-9-0/user-guide.html
    knox/site/index.html
    knox/site/issue-tracking.html
    knox/site/license.html
    knox/site/mail-lists.html
    knox/site/project-info.html
    knox/site/team-list.html
    knox/trunk/books/0.9.0/config_advanced_ldap.md

Modified: knox/site/books/knox-0-9-0/user-guide.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-9-0/user-guide.html?rev=1735445&r1=1735444&r2=1735445&view=diff
==============================================================================
--- knox/site/books/knox-0-9-0/user-guide.html (original)
+++ knox/site/books/knox-0-9-0/user-guide.html Thu Mar 17 15:41:03 2016
@@ -1044,7 +1044,87 @@ ldapRealm.userDnTemplate=uid={0},ou=peop
 <pre><code>(&amp;(email=bill.clinton@gmail.com)(objectclass=person))
 </code></pre><p>This could find bind DN to be</p>
 <pre><code>uid=billc,ou=contractors,dc=hadoop,dc=apache,dc=org
-</code></pre><h4><a id="Example+provider+configuration+to+use+advanced+LDAP+authentication">Example
provider configuration to use advanced LDAP authentication</a> <a href="#Example+provider+configuration+to+use+advanced+LDAP+authentication"><img
src="markbook-section-link.png"/></a></h4><p>The example configuration
appears verbose due to the presence of liberal comments and illustration of optional parameters
and default values. The configuration that you would use could be much shorter if you rely
on default values.</p>
+</code></pre><h4><a id="Advanced+LDAP+configuration+parameters">Advanced
LDAP configuration parameters</a> <a href="#Advanced+LDAP+configuration+parameters"><img
src="markbook-section-link.png"/></a></h4><p>The table below provides
a brief description and sample of the available advanced bind and search configuration parameters.</p>
+<table>
+  <thead>
+    <tr>
+      <th>Parameter </th>
+      <th>Description </th>
+      <th>Default </th>
+      <th>Sample </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>principalRegex </td>
+      <td>Parses the principal for insertion into templates via regex. </td>
+      <td>(.*) </td>
+      <td>(.*?)\\(.*) <em>(e.g. match US\tom: {0}=US\tom, {1}=US, {2}=tom)</em>
</td>
+    </tr>
+    <tr>
+      <td>userDnTemplate </td>
+      <td>Direct user bind DN template. </td>
+      <td>{0} </td>
+      <td>cn={2},dc={1},dc=qa,dc=company,dc=com </td>
+    </tr>
+    <tr>
+      <td>userSearchBase </td>
+      <td>Search based template. Used with config below. </td>
+      <td>none </td>
+      <td>dc={1},dc=qa,dc=company,dc=com </td>
+    </tr>
+    <tr>
+      <td>userSearchAttributeName </td>
+      <td>Attribute name for simplified search filter. </td>
+      <td>none </td>
+      <td>sAMAccountName </td>
+    </tr>
+    <tr>
+      <td>userSearchAttributeTemplate </td>
+      <td>Attribute template for simplified search filter. </td>
+      <td>{0} </td>
+      <td>{2} </td>
+    </tr>
+    <tr>
+      <td>userSearchFilter </td>
+      <td>Advanced search filter template. Note &amp; is &amp;amp; in XML.
</td>
+      <td>none </td>
+      <td>(&amp;amp;(objectclass=person)(sAMAccountName={2})) </td>
+    </tr>
+    <tr>
+      <td>userSearchScope </td>
+      <td>Search scope: subtree, onelevel, object. </td>
+      <td>subtree </td>
+      <td>onelevel </td>
+    </tr>
+  </tbody>
+</table><h4><a id="Advanced+LDAP+configuration+combinations">Advanced LDAP
configuration combinations</a> <a href="#Advanced+LDAP+configuration+combinations"><img
src="markbook-section-link.png"/></a></h4><p>There are also only certain
valid combinations of advanced LDAP configuration parameters.</p>
+<ul>
+  <li>User DN Template
+  <ul>
+    <li>userDnTemplate (Required)</li>
+    <li>principalRegex (Optional)</li>
+  </ul></li>
+  <li>User Search by Attribute
+  <ul>
+    <li>userSearchBase (Required)</li>
+    <li>userAttributeName (Required)</li>
+    <li>userAttributeTemplate (Optional)</li>
+    <li>userSearchScope (Optional)</li>
+    <li>principalRegex (Optional)</li>
+  </ul></li>
+  <li>User Search by Filter
+  <ul>
+    <li>userSearchBase (Required)</li>
+    <li>userSearchFilter (Required)</li>
+    <li>userSearchScope (Optional)</li>
+    <li>principalRegex (Optional)</li>
+  </ul></li>
+</ul><h4><a id="Advanced+LDAP+configuration+precedence">Advanced LDAP configuration
precedence</a> <a href="#Advanced+LDAP+configuration+precedence"><img src="markbook-section-link.png"/></a></h4><p>The
presence of multiple configuration combinations should be avoided. The rules below clarify
which combinations take precedence when present.</p>
+<ol>
+  <li>userSearchBase takes precedence over userDnTemplate</li>
+  <li>userSearchFilter takes precedence over userSearchAttributeName</li>
+</ol><h4><a id="Example+provider+configuration+to+use+advanced+LDAP+authentication">Example
provider configuration to use advanced LDAP authentication</a> <a href="#Example+provider+configuration+to+use+advanced+LDAP+authentication"><img
src="markbook-section-link.png"/></a></h4><p>The example configuration
appears verbose due to the presence of liberal comments and illustration of optional parameters
and default values. The configuration that you would use could be much shorter if you rely
on default values.</p>
 <pre><code>&lt;provider&gt;
 
     &lt;role&gt;authentication&lt;/role&gt;
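
Review bot: the added parameter table does not say whether the groups captured by principalRegex are escaped before they are substituted into userSearchFilter, userSearchBase or userDnTemplate, yet the sample `(&amp;amp;(objectclass=person)(sAMAccountName={2}))` places part of the login name directly inside an LDAP filter. Suggest adding a sentence near the table stating how filter and DN special characters in {0}, {1} and {2} are handled. In the precedence section it would also help to state whether the gateway logs a warning when both userSearchBase and userDnTemplate are configured, since an operator expecting a direct bind would otherwise get a search without noticing.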

Modified: knox/site/index.html
URL: http://svn.apache.org/viewvc/knox/site/index.html?rev=1735445&r1=1735444&r2=1735445&view=diff
==============================================================================
--- knox/site/index.html (original)
+++ knox/site/index.html Thu Mar 17 15:41:03 2016
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2016-03-01
+ | Generated by Apache Maven Doxia at 2016-03-17
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20160301" />
+    <meta name="Date-Revision-yyyymmdd" content="20160317" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; REST API Gateway for the Hadoop Ecosystem</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2016-03-01</li>

+                  <li id="publishDate" class="pull-right">Last Published: 2016-03-17</li>

             
                             </ul>
       </div>
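
Review bot: the only differences in this file are the regenerated date stamps (the "Generated by Apache Maven Doxia at" comment, the Date-Revision-yyyymmdd meta tag and the publishDate list item), and the same three lines are the only changes in issue-tracking.html, license.html, mail-lists.html, project-info.html and team-list.html. Consider committing regenerated site output separately from the KNOX-694 documentation change so the revision diff shows only the LDAP content.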

Modified: knox/site/issue-tracking.html
URL: http://svn.apache.org/viewvc/knox/site/issue-tracking.html?rev=1735445&r1=1735444&r2=1735445&view=diff
==============================================================================
--- knox/site/issue-tracking.html (original)
+++ knox/site/issue-tracking.html Thu Mar 17 15:41:03 2016
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2016-03-01
+ | Generated by Apache Maven Doxia at 2016-03-17
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20160301" />
+    <meta name="Date-Revision-yyyymmdd" content="20160317" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Issue Tracking</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2016-03-01</li>

+                  <li id="publishDate" class="pull-right">Last Published: 2016-03-17</li>

             
                             </ul>
       </div>

Modified: knox/site/license.html
URL: http://svn.apache.org/viewvc/knox/site/license.html?rev=1735445&r1=1735444&r2=1735445&view=diff
==============================================================================
--- knox/site/license.html (original)
+++ knox/site/license.html Thu Mar 17 15:41:03 2016
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2016-03-01
+ | Generated by Apache Maven Doxia at 2016-03-17
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20160301" />
+    <meta name="Date-Revision-yyyymmdd" content="20160317" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Project License</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2016-03-01</li>

+                  <li id="publishDate" class="pull-right">Last Published: 2016-03-17</li>

             
                             </ul>
       </div>

Modified: knox/site/mail-lists.html
URL: http://svn.apache.org/viewvc/knox/site/mail-lists.html?rev=1735445&r1=1735444&r2=1735445&view=diff
==============================================================================
--- knox/site/mail-lists.html (original)
+++ knox/site/mail-lists.html Thu Mar 17 15:41:03 2016
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2016-03-01
+ | Generated by Apache Maven Doxia at 2016-03-17
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20160301" />
+    <meta name="Date-Revision-yyyymmdd" content="20160317" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Project Mailing Lists</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2016-03-01</li>

+                  <li id="publishDate" class="pull-right">Last Published: 2016-03-17</li>

             
                             </ul>
       </div>

Modified: knox/site/project-info.html
URL: http://svn.apache.org/viewvc/knox/site/project-info.html?rev=1735445&r1=1735444&r2=1735445&view=diff
==============================================================================
--- knox/site/project-info.html (original)
+++ knox/site/project-info.html Thu Mar 17 15:41:03 2016
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2016-03-01
+ | Generated by Apache Maven Doxia at 2016-03-17
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20160301" />
+    <meta name="Date-Revision-yyyymmdd" content="20160317" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Project Information</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2016-03-01</li>

+                  <li id="publishDate" class="pull-right">Last Published: 2016-03-17</li>

             
                             </ul>
       </div>

Modified: knox/site/team-list.html
URL: http://svn.apache.org/viewvc/knox/site/team-list.html?rev=1735445&r1=1735444&r2=1735445&view=diff
==============================================================================
--- knox/site/team-list.html (original)
+++ knox/site/team-list.html Thu Mar 17 15:41:03 2016
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2016-03-01
+ | Generated by Apache Maven Doxia at 2016-03-17
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20160301" />
+    <meta name="Date-Revision-yyyymmdd" content="20160317" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Team list</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2016-03-01</li>

+                  <li id="publishDate" class="pull-right">Last Published: 2016-03-17</li>

             
                             </ul>
       </div>

Modified: knox/trunk/books/0.9.0/config_advanced_ldap.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.9.0/config_advanced_ldap.md?rev=1735445&r1=1735444&r2=1735445&view=diff
==============================================================================
--- knox/trunk/books/0.9.0/config_advanced_ldap.md (original)
+++ knox/trunk/books/0.9.0/config_advanced_ldap.md Thu Mar 17 15:41:03 2016
@@ -58,6 +58,44 @@ This could find bind DN to be
 
     uid=billc,ou=contractors,dc=hadoop,dc=apache,dc=org
 
+#### Advanced LDAP configuration parameters
+The table below provides a brief description and sample of the available advanced bind and
search configuration parameters.
+
+| Parameter                   | Description                                             
      | Default | Sample                                                             |
+|-----------------------------|----------------------------------------------------------------|---------|--------------------------------------------------------------------|
+| principalRegex              | Parses the principal for insertion into templates via regex.
  | (.*)    | (.\*?)\\\\(.\*) _(e.g. match US\tom: {0}=US\tom, {1}=US, {2}=tom)_ |
+| userDnTemplate              | Direct user bind DN template.                           
      | {0}     | cn={2},dc={1},dc=qa,dc=company,dc=com                              |
+| userSearchBase              | Search based template. Used with config below.          
      | none    | dc={1},dc=qa,dc=company,dc=com                                     |
+| userSearchAttributeName     | Attribute name for simplified search filter.            
      | none    | sAMAccountName                                                     |
+| userSearchAttributeTemplate | Attribute template for simplified search filter.        
      | {0}     | {2}                                                                |
+| userSearchFilter            | Advanced search filter template. Note \& is \&amp;
in XML.     | none    | (\&amp;(objectclass=person)(sAMAccountName={2}))             
     |
+| userSearchScope             | Search scope: subtree, onelevel, object.                
      | subtree | onelevel                                                           |
+
+#### Advanced LDAP configuration combinations
+There are also only certain valid combinations of advanced LDAP configuration parameters.
+
+* User DN Template
+    * userDnTemplate (Required)
+    * principalRegex (Optional)
+* User Search by Attribute
+    * userSearchBase (Required)
+    * userAttributeName (Required)
+    * userAttributeTemplate (Optional)
+    * userSearchScope (Optional)
+    * principalRegex (Optional)
+* User Search by Filter
+    * userSearchBase (Required)
+    * userSearchFilter (Required)
+    * userSearchScope (Optional)
+    * principalRegex (Optional)
+
+#### Advanced LDAP configuration precedence
+The presence of multiple configuration combinations should be avoided.
+The rules below clarify which combinations take precedence when present.
+
+1. userSearchBase takes precedence over userDnTemplate
+2. userSearchFilter takes precedence over userSearchAttributeName
+
 #### Example provider configuration to use advanced LDAP authentication
 
 The example configuration appears verbose due to the presence of liberal comments 
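
Review bot: the combinations list under "User Search by Attribute" names `userAttributeName` and `userAttributeTemplate`, but the parameter table and precedence rule 2 call them `userSearchAttributeName` and `userSearchAttributeTemplate`; use one spelling throughout, since a reader copying the list into a topology would set a parameter the table does not define (the generated user-guide.html in this commit carries the same mismatch). The userSearchBase description "Search based template. Used with config below." is also unclear: it presumably means "search base", and "config below" should name the parameters it is paired with.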


