AAP-40199 improvements to LDAP configuration content #3370
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hherbly
reviewed
May 1, 2025
| If this setting has a value it will be used instead of the *LDAP User Search* setting. | ||
| ==== | ||
| + | ||
| . *LDAP Start TLS* is disabled by default. To enable TLS when the LDAP connection is not using SSL, set the switch to *On*. StartTLS allows your LDAP connection to be upgraded from an unencrypted connection to a secure connection using Transport Layer Security (TLS). To enable StartTLS when the LDAP connection is not using SSL, set the switch to *On*. |
There was a problem hiding this comment.
I think the last sentence in this line repeats the second sentence in this line (although one is for TLS and one is for StartTLS). Let me know if I'm wrong though.
There was a problem hiding this comment.
Good catch, this is fixed now.
hherbly
reviewed
May 1, 2025
| * `PosixUIDGroupType` | ||
| . Select a group type from the *LDAP Group Type* list. | ||
| + | ||
| The group type defines the class name of the group, which manages the groups associated with users in your LDAP directory and is returned by the search specified in Step 14 of this procedure. The group type, along with group parameters and the group search, is used to find and assign groups to users during log in, and can also be evaluated during the mapping process. The following table lists the available group types, along with their descriptions and the necessary parameters for each. By default, LDAP groups will be mapped to Django groups by taking the first value of the cn attribute. You can specify a different attribute with `name_attr`. For example, `name_attr='cn'`. |
There was a problem hiding this comment.
Based on the rich diff view, I don't see a step 14 in this procedure--they appear to only go up to 12. I could be wrong though so I'd double check.
There was a problem hiding this comment.
Those steps are there it's just some of them are contained in a snippet file because they're common steps across all authentication types.
hherbly
reviewed
May 1, 2025
| | `NestedGroupOfUniqueNamesType` | Handles the `groupOfUniqueNames` object class. Equivalent to `NestedMemberDNGroupType('uniqueMember')`. | `name_attr='cn'` | ||
| 8000 | | `NestedActiveDirectoryGroupType` | Handles the Active Directory groups. Equivalent to `NestedMemberDNGroupType('member')`. | `name_attr='cn'` | |
| | `NestedOrganizationalRoleGroupType` | Handles the `organizationalRole` object class. Equivalent to `NestedMemberDNGroupType('roleOccupant')`. | `name_attr='cn'` | ||
| |=== | ||
| + | ||
| [NOTE] | ||
| ==== | ||
| The group types that are supported by {PlatformNameShort} use the underlying link:https://django-auth-ldap.readthedocs.io/en/latest/reference.html#django_auth_ldap.config.LDAPGroupType[django-auth-ldap library]. To specify the parameters for the selected group type, see Step 13 of this procedure. |
There was a problem hiding this comment.
It should be Step 14 which has been fixed. Some steps are contained within snippet files.
dcdacosta
added a commit
to dcdacosta/aap-docs
that referenced
this pull request
May 1, 2025
* AAP-40199 improvements to LDAP configuration content * AAP-40199 - minor grammar and formatting fixes * AAP-40199 - include peer review suggestions
hherbly
pushed a commit
that referenced
this pull request
May 1, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR implements requested improvements to the LDAP configuration content to add more field explanations and examples.