-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add documentation for LDAP security provider [CN-995]
- Loading branch information
Showing
2 changed files
with
75 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| apiVersion: hazelcast.com/v1alpha1 | ||
| kind: ManagementCenter | ||
| metadata: | ||
| name: managementcenter | ||
| spec: | ||
| repository: "hazelcast/management-center" | ||
| licenseKeySecretName: hazelcast-license-key | ||
| securityProvider: | ||
| ldap: | ||
| credentialsSecretName: ldap-credentianls | ||
| groupDn: ou=users,dc=example,dc=org | ||
| groupSearchFilter: member={0} | ||
| nestedGroupSearch: false | ||
| url: ldap://ldap-server-url:1389 | ||
| userDn: ou=users,dc=example,dc=org | ||
| userGroups: | ||
| - users | ||
| metricsOnlyGroups: | ||
| - metrics | ||
| adminGroups: | ||
| - admins | ||
| readonlyUserGroups: | ||
| - readers | ||
| userSearchFilter: cn={0} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| = LDAP Security Provider | ||
| :description: You can use your existing LDAP server for authentication/authorization on the Management Center. | ||
|
|
||
| See xref:management-center:deploy-manage:ldap.adoc[Management Center Documentation] for more detailed information. | ||
|
|
||
| == Setting Up the LDAP Security Provider | ||
|
|
||
| To set up LDAP, you need to configure the `securityProvider.ldap` section in the Management Center CR. | ||
| The following are the required field to configure the LDAP Security provider. | ||
|
|
||
| [cols="30%m,70%a"] | ||
| |=== | ||
| |Field|Description | ||
|
|
||
| |`credentialsSecretName` | ||
| | The name of the secret that contains `username` and `password` keys of a user that has admin privileges on the LDAP server. The `username` must be the DN of the user. It is used to connect to the server when authenticating users. | ||
|
|
||
| |`userDn` | ||
| | DN to be used for searching users. | ||
|
|
||
| |`groupDn` | ||
| | DN to be used for searching groups. | ||
|
|
||
| |`adminGroups` | ||
| | Members of these groups and its nested groups have admin privileges on the Management Center. | ||
|
|
||
| |`userGroups` | ||
| | Members of these groups and its nested groups have read and write privileges on the Management Center. | ||
|
|
||
| |`readonlyUserGroups` | ||
| | Members of these groups and its nested groups have only read privilege on the Management Center. | ||
|
|
||
| |`metricsOnlyGroups` | ||
| | Members of these groups and its nested groups have the privilege to see only the metrics on the Management Center. | ||
|
|
||
| |`userSearchFilter` | ||
| | LDAP search filter expression to search for the users. | ||
|
|
||
| |`groupSearchFilter` | ||
| | LDAP search filter expression to search for the groups. | ||
|
|
||
| |=== | ||
|
|
||
| === Example Management Center LDAP configuration | ||
|
|
||
| Bellow is the example configuration for the LDAP Security Provider | ||
|
|
||
| [source,yaml,subs="attributes+"] | ||
| ---- | ||
| include::ROOT:example$/management-center-ldap.yaml[] | ||
| ---- |