Commit 891c58f

Reformat README table
1 parent eb8d13d commit 891c58f

1 file changed

+23
-23
lines changed

README.md

Lines changed: 23 additions & 23 deletions
@@ -18,29 +18,29 @@ sudo dnf install python2-devel python3-devel openldap-devel
1818

1919
## Configuration Options
2020

21-
| option | required | default | description |
22-
|----------------------------|----------|----------------|--------------------------------------------------------------------------------------------------------------------------------|
23-
| bind_dn | yes | | DN of the service account to bind with the LDAP server |
24-
| bind_password | yes | | Password of the service account |
25-
| base_ou | yes | | Base OU to search for user entries (and group entries if `base_ou_group` is not provided) |
26-
| group_dns | yes | | Which group DNs (Distinguished Names) a user must be member of to be granted access (group names are considered case-insensitive). Each group must be a fully-qualified DN, or just the last RDN (Relative DN) which is typically a `CN=` entry (like `CN=st2users`). |
27-
| group_dns_check | no | `and` | What kind of check to perform when validating user group membership (`and` / `or`). When `and` behavior is used, user needs to be part of all the specified groups and when `or` behavior is used, user needs to be part of at least one or more of the specified groups. |
28-
| host | yes | | Hostname of the LDAP server. Multiple comma-separated entries are allowed. |
29-
| port | yes | | Port of the LDAP server |
30-
| use_ssl | no | `false` | Use LDAPS to connect |
31-
| use_tls | no | `false` | Start TLS on LDAP to connect |
32-
| cacert | no | `None` | Path to the CA cert used to validate certificate |
33-
| id_attr | no | `uid` | Field name of the user ID attribute; ignored if `account_pattern` is specified. |
34-
| account_pattern | no | `{id_attr}={{username}}` | LDAP subtree pattern to match user. The user's `username` is escaped and interpolated into this string (see example). |
35-
| group_pattern | no | `(\|(&(objectClass=*)(\|(member={user_dn})(uniqueMember={user_dn})(memberUid={username}))))` | LDAP subtree pattern for user groups. Both `user_dn` and `username` are escaped and then interpolated into this string (see example). |
36-
| scope | no | `subtree` | Search scope (`base`, `onelevel`, or `subtree`) |
37-
| network_timeout | no | `10.0` | Timeout for network operations (in seconds) |
38-
| chase_referrals | no | `false` | True if the referrals should be automatically chased within the underlying LDAP C lib |
39-
| debug | no | `false` | Enable debug mode. When debug mode is enabled all the calls (including the results) to LDAP server are logged |
40-
| client_options | no | | A dictionary with additional Python LDAP client options which can be passed to `set_connection()` method |
41-
| cache_user_groups_response | no | `true` | When true, LDAP user groups response is cached for 120 seconds (by default) in memory. This decreases load on LDAP server and increases performance when remote LDAP group to RBAC role sync is enabled and / or when the same user authenticates concurrency in a short time frame. Keep in mind that even when this feature is enabled, single (authenticate) request to LDAP server will still be performed when user authenticates to st2auth - authentication information is not cached - only user groups are cached. |
42-
| cache_user_groups_ttl | no | `120` | How long (in seconds) to cache LDAP user groups responses. |
43-
| base_ou_group | no | `None` (If `None`, uses value of `base_ou`) | Base OU to search for group entries. If this is `None`, group searches use the value of `base_ou` instead. Defaults to `None`. |
21+
| option | required | default | description |
22+
|----------------------------|----------|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
23+
| bind_dn | yes | | DN of the service account to bind with the LDAP server |
24+
| bind_password | yes | | Password of the service account |
25+
| base_ou | yes | | Base OU to search for user entries (and group entries if `base_ou_group` is not provided) |
26+
| group_dns | yes | | Which group DNs (Distinguished Names) a user must be member of to be granted access (group names are considered case-insensitive). Each group must be a fully-qualified DN, or just the last RDN (Relative DN) which is typically a `CN=` entry (like `CN=st2users`). |
27+
| group_dns_check | no | `and` | What kind of check to perform when validating user group membership (`and` / `or`). When `and` behavior is used, user needs to be part of all the specified groups and when `or` behavior is used, user needs to be part of at least one or more of the specified groups. |
28+
| host | yes | | Hostname of the LDAP server. Multiple comma-separated entries are allowed. |
29+
| port | yes | | Port of the LDAP server |
30+
| use_ssl | no | `false` | Use LDAPS to connect |
31+
| use_tls | no | `false` | Start TLS on LDAP to connect |
32+
| cacert | no | `None` | Path to the CA cert used to validate certificate |
33+
| id_attr | no | `uid` | Field name of the user ID attribute; ignored if `account_pattern` is specified. |
34+
| account_pattern | no | `{id_attr}={{username}}` | LDAP subtree pattern to match user. The user's `username` is escaped and interpolated into this string (see example). |
35+
| group_pattern | no | `(\|(&(objectClass=*)(\|(member={user_dn})(uniqueMember={user_dn})(memberUid={username}))))` | LDAP subtree pattern for user groups. Both `user_dn` and `username` are escaped and then interpolated into this string (see example). |
36+
| scope | no | `subtree` | Search scope (`base`, `onelevel`, or `subtree`) |
37+
| network_timeout | no | `10.0` | Timeout for network operations (in seconds) |
38+
| chase_referrals | no | `false` | True if the referrals should be automatically chased within the underlying LDAP C lib |
39+
| debug | no | `false` | Enable debug mode. When debug mode is enabled all the calls (including the results) to LDAP server are logged |
40+
| client_options | no | | A dictionary with additional Python LDAP client options which can be passed to `set_connection()` method |
41+
| cache_user_groups_response | no | `true` | When true, LDAP user groups response is cached for 120 seconds (by default) in memory. This decreases load on LDAP server and increases performance when remote LDAP group to RBAC role sync is enabled and / or when the same user authenticates concurrency in a short time frame. Keep in mind that even when this feature is enabled, single (authenticate) request to LDAP server will still be performed when user authenticates to st2auth - authentication information is not cached - only user groups are cached. |
42+
| cache_user_groups_ttl | no | `120` | How long (in seconds) to cache LDAP user groups responses. |
43+
| base_ou_group | no | `None` (If `None`, uses value of `base_ou`) | Base OU to search for group entries. If this is `None`, group searches use the value of `base_ou` instead. Defaults to `None`. |
4444

4545
### Escaping Password Characters
4646
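Review bot: The `use_ssl` and `use_tls` rows (new lines 30-31) both default to `false` and the table never says what that means for `bind_password`: with both left at their defaults the connection is plain LDAP, and the `cacert` row (line 32) does not state whether the server certificate is validated when it is `None`. Since every row is being rewritten here anyway, add a sentence to those descriptions, and say in the `debug` row (line 39) whether credentials are redacted when "all the calls (including the results)" are logged. Two wording slips also carry over unchanged and could be fixed in the same pass: "authenticates concurrency" in `cache_user_groups_response` (line 41) should read "concurrently", and "at least one or more" in `group_dns_check` (line 27) is redundant. On style, padding the separator on line 22 to the longest cell means the next longer description forces another 23-line rewrite; an unpadded separator would keep future diffs to the rows that actually change.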
