Variable | LDAP_AUTH_PRINCIPAL | |
Description | Allows to transform LogScale login usernames so to enable LDAP authentication |
This is optional. It's provided so you can transform the username provided
to LogScale during login (john@example.com
is the LOGSCALEUSERNAME
john
) into something that your LDAP
server will authenticate. To do this, supply a pattern and include the
special token LOGSCALEUSERNAME
which
LogScale will replace with the username provided at login before
attempting to bind to the LDAP server.
This is how you can specify the principal provided to your LDAP server.
So, if you provide
cn=LOGSCALEUSERNAME,dc=example,dc=com
and attempt to log in to LogScale with the username of
john@example.com
, LogScale will bind using a
principal name
cn=john,dc=example,dc=com
and the
password provided at the login prompt. If you have users in more than one
location within LDAP you can separate the multiple patterns and LogScale
will try to authenticate in order the options you've provided. Split the
value set in LDAP_AUTH_PRINCIPAL
using the
LDAP_AUTH_PRINCIPALS_REGEX
pattern. This doesn't apply when
using the ldap-search
method.
LDAP_AUTH_PRINCIPALS_REGEX=';'
LDAP_AUTH_PRINCIPAL='cn=LOGSCALEUSERNAME,dc=example,dc=com;cn=LOGSCALEUSERNAME,dc=foo,dc=com;cn=LOGSCALEUSERNAME,dc=bar,dc=com'