From effa3e82a73f3525494afdf66f7e77d8ee533cc6 Mon Sep 17 00:00:00 2001 From: eladeyal Date: Thu, 25 Jun 2020 08:50:46 +0300 Subject: [PATCH] prelim LDAP docs --- docs/authentication.md | 12 ++++++++++++ docs/configuration.md | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/docs/authentication.md b/docs/authentication.md index e3f5e4491..a1e01ed6e 100644 --- a/docs/authentication.md +++ b/docs/authentication.md @@ -96,6 +96,18 @@ SAML-based authentication can be enabled by setting the necessary environment va SQLPad users do not need to be added ahead of time, and may be created on the fly using `samlAutoSignUp`. Whenever a new user is detected (unable to match to existing user email), a user record will be added to SQLPad's user table and a user signed in. By default users are not auto-created and must otherwise be added ahead of time. +## LDAP (Experimental) + +LDAP-based authentication can be enabled by setting the necessary environment variables: + +- `ENABLE_LDAP_AUTH` +- `LDAP_URL` +- `LDAP_BASE_DN` +- `LDAP_USERNAME` +- `LDAP_PASSWORD` + +Users sign in to LDAP using a username (and not an e-mail address). + ## Allowed Domains for User Administration An entire domain can be allowed for username administration by setting enviornment variable `SQLPAD_ALLOWED_DOMAINS`. This may be particularly useful in combination with OAuth. diff --git a/docs/configuration.md b/docs/configuration.md index 2dadfaaad..e67a47b64 100644 --- a/docs/configuration.md +++ b/docs/configuration.md 
@@ -425,3 +425,38 @@ When supplying both `id` and `email`, `id` will be used for user matching instea - Key: `authProxyHeaders` - Env: `SQLPAD_AUTH_PROXY_HEADERS` + +## enableLdapAuth + +Set to `true` to enable LDAP authentication + +- Key: `enableLdapAuth` +- Env: `ENABLE_LDAP_AUTH` + +## ldapUrl + +LDAP server URL. Examples: `ldap://localhost:389`, `ldaps://ad.corporate.com:636` + +- Key: `ldapUrl` +- Env: `LDAP_URL` + +## ldapBaseDN + +LDAP Base DN + +- Key: `ldapBaseDN` +- Env: `LDAP_BASE_DN` + +## ldapUsername + +Username for LDAP lookup + +- Key: `ldapUsername` +- Env: `LDAP_USERNAME` + +## ldapPassword + +Password for LDAP user used for LDAP lookup + +- Key: `ldapPassword` +- Env: `LDAP_PASSWORD`
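Review bot: In the new `## LDAP (Experimental)` section of docs/authentication.md, the five variables are listed without the `SQLPAD_` prefix that the neighbouring context uses (`SQLPAD_ALLOWED_DOMAINS`). If the bare names `ENABLE_LDAP_AUTH`, `LDAP_URL` and so on are intentional, say so here; otherwise align them before users start depending on them. The list also gives no description per variable, so a reader cannot tell from this section that `LDAP_USERNAME` and `LDAP_PASSWORD` are the lookup account rather than the credentials of the person signing in. A short gloss per item or a link to docs/configuration.md would fix that. Unlike the SAML paragraph just above, the section does not say whether an LDAP user must already exist in SQLPad's user table or is created on first sign-in; add a sentence on how the LDAP username is matched to a SQLPad user. Wording nit: "Users sign in to LDAP using a username" would read better as signing in to SQLPad via LDAP.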
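Review bot: Under `## ldapUrl` in docs/configuration.md, the examples present `ldap://localhost:389` and `ldaps://ad.corporate.com:636` as equivalent choices. With plain `ldap://` and a simple bind, the lookup password and each user's sign-in password cross the network unencrypted unless StartTLS is negotiated, which these docs do not mention. State that `ldaps://` should be used for any server that is not local, and say whether StartTLS is supported. Under `## ldapUsername`, "Username for LDAP lookup" does not say what form is expected (a full bind DN or a short account name), and `## ldapBaseDN` has no example value; one example each would prevent misconfiguration. Under `## ldapPassword`, it is worth recommending a dedicated read-only lookup account, since this secret sits in the SQLPad configuration or environment. `## enableLdapAuth` should state its default.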