add documentation for LDAP security provider [CN-995] (#139)

* add documentation for LDAP security provider [CN-995]

* add nav

* add description

* add secret example

* fix secret name

* Apply suggestions from code review

Co-authored-by: Serdar Ozmen <[email protected]>

* address PR comments

---------

Co-authored-by: Serdar Ozmen <[email protected]>

docs/modules/ROOT/examples/management-center-ldap.yaml

@@ -0,0 +1,24 @@
+apiVersion: hazelcast.com/v1alpha1
+kind: ManagementCenter
+metadata:
+  name: managementcenter
+spec:
+  repository: "hazelcast/management-center"
+  licenseKeySecretName: hazelcast-license-key
+  securityProvider:
+    ldap:
+      credentialsSecretName: ldap-credentianls
+      groupDn: ou=users,dc=example,dc=org
+      groupSearchFilter: member={0}
+      nestedGroupSearch: false
+      url: ldap://ldap-server-url:1389
+      userDn: ou=users,dc=example,dc=org
+      userGroups:
+      - users
+      metricsOnlyGroups:
+      - metrics
+      adminGroups:
+      - admins
+      readonlyUserGroups:
+      - readers
+      userSearchFilter: cn={0}

docs/modules/ROOT/nav.adoc

@@ -30,6 +30,7 @@
 ** xref:management-center-external-access.adoc[External Access]
 ** xref:management-center-persistence.adoc[Persistence]
 ** xref:management-center-jvm-args.adoc[JVM Arguments]
+** xref:management-center-ldap.adoc[LDAP Security Provider]
 
 .Reference
 // Configuration options/spec files/any other reference docs

docs/modules/ROOT/pages/management-center-ldap.adoc

@@ -0,0 +1,73 @@
+= LDAP Security Provider
+:description: You can use your existing LDAP server for authentication/authorization on the Management Center.
+
+{description}
+
+See xref:management-center:deploy-manage:ldap.adoc[Management Center Documentation] for more detailed information.
+
+== Setting Up the LDAP Security Provider
+
+To set up LDAP, you need to configure the `securityProvider.ldap` section in the Management Center CR.
+The following are the required fields to configure the LDAP Security provider.
+
+[cols="30%m,70%a"]
+|===
+|Field|Description
+
+|`credentialsSecretName`
+| The name of the secret that contains `username` and `password` keys of a user that has admin privileges on the LDAP server. The `username` must be the must be the distinguished name (DN) of the user. It is used to connect to the server when authenticating users.
+
+|`userDn`
+| DN to be used for searching users.
+
+|`groupDn`
+| DN to be used for searching groups.
+
+|`adminGroups`
+| Members of these groups and its nested groups have admin privileges on the Management Center.
+
+|`userGroups`
+| Members of these groups and its nested groups have read and write privileges on the Management Center.
+
+|`readonlyUserGroups`
+| Members of these groups and its nested groups have only read privilege on the Management Center.
+
+|`metricsOnlyGroups`
+| Members of these groups and its nested groups have the privilege to see only the metrics on the Management Center.
+
+|`userSearchFilter`
+| LDAP search filter expression to search for the users.
+
+|`groupSearchFilter`
+| LDAP search filter expression to search for the groups.
+
+|===
+
+=== Example Management Center LDAP Configuration
+
+The following is an example configuration for the LDAP Security Provider:
+
+[source,yaml,subs="attributes+"]
+----
+include::ROOT:example$/management-center-ldap.yaml[]
+----
+
+The following example shows how to create a `Secret` for the LDAP credentials.
+
+[source,shell]
+----
+$ kubectl create secret generic ldap-credentianls --from-literal=username="cn=admin,dc=example,dc=org" --from-literal=password="adminpassword"
+$ kubectl get secret ldap-credentianls -o=yaml
+apiVersion: v1
+data:
+  password: YWRtaW5wYXNzd29yZA==
+  username: Y249YWRtaW4sZGM9ZXhhbXBsZSxkYz1vcmc=
+kind: Secret
+metadata:
+  creationTimestamp: "2023-10-11T10:51:37Z"
+  name: ldap-credentianls
+  namespace: default
+  resourceVersion: "59391"
+  uid: 299e5d42-4c72-4877-9a99-c6ffa3c68d07
+type: Opaque
+----