Add docs for UserAttributeForFilter group search setting

vmware-tanzu · May 31, 2023 · d004859 · d004859
1 parent 46178e9
commit d004859
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 3 deletions.
diff --git a/site/content/docs/howto/configure-supervisor-with-activedirectory.md b/site/content/docs/howto/configure-supervisor-with-activedirectory.md
@@ -131,9 +131,18 @@ spec:
 
     # Specify the search filter which should be applied when searching for
     # groups for a user. "{}" will be replaced by the dn (distinguished
-    # name) of the user entry found as a result of the user search.
+    # name) of the user entry found as a result of the user search, or by
+    # the attribute specified by userAttributeForFilter below.
     filter: "&(objectClass=group)(member={})"
 
+    # Specify what user attribute should be used to replace the "{}"
+    # placeholder in the group search filter. This defaults to "dn".
+    # For example, if you wanted to instead use posixGroups, you
+    # would set the group search filter to
+    # "&(objectClass=posixGroup)(memberUid={})" and set the
+    # userAttributeForFilter to "uid".
+    userAttributeForFilter: "dn"
+
     # Specify which fields from each group entry should be used upon
     # successful login.
     attributes:

diff --git a/site/content/docs/howto/configure-supervisor-with-jumpcloudldap.md b/site/content/docs/howto/configure-supervisor-with-jumpcloudldap.md
@@ -101,9 +101,18 @@ spec:
 
     # Specify the search filter which should be applied when searching for
     # groups for a user. "{}" will be replaced by the dn (distinguished
-    # name) of the user entry found as a result of the user search.
+    # name) of the user entry found as a result of the user search, or by
+    # the attribute specified by userAttributeForFilter below.
     filter: "&(objectClass=groupOfNames)(member={})"
 
+    # Specify what user attribute should be used to replace the "{}"
+    # placeholder in the group search filter. This defaults to "dn".
+    # For example, if you wanted to instead use posixGroups, you
+    # would set the group search filter to
+    # "&(objectClass=posixGroup)(memberUid={})" and set the
+    # userAttributeForFilter to "uid".
+    userAttributeForFilter: "dn"
+
     # Specify which fields from each group entry should be used upon
     # successful login.
     attributes:

diff --git a/site/content/docs/howto/configure-supervisor-with-openldap.md b/site/content/docs/howto/configure-supervisor-with-openldap.md
@@ -247,9 +247,18 @@ spec:
 
     # Specify the search filter which should be applied when searching for
     # groups for a user. "{}" will be replaced by the dn (distinguished
-    # name) of the user entry found as a result of the user search.
+    # name) of the user entry found as a result of the user search, or by
+    # the attribute specified by userAttributeForFilter below.
     filter: "&(objectClass=groupOfNames)(member={})"
 
+    # Specify what user attribute should be used to replace the "{}"
+    # placeholder in the group search filter. This defaults to "dn".
+    # For example, if you wanted to instead use posixGroups, you
+    # would set the group search filter to
+    # "&(objectClass=posixGroup)(memberUid={})" and set the
+    # userAttributeForFilter to "uid".
+    userAttributeForFilter: "dn"
+
     # Specify which fields from each group entry should be used upon
     # successful login.
     attributes: