From 5bc8a767113310476c610ad0856266bf87ee863f Mon Sep 17 00:00:00 2001 From: cwillum Date: Thu, 20 Oct 2022 10:30:22 -0700 Subject: [PATCH 1/2] fix#1584-custom_attr_allowlist Signed-off-by: cwillum --- _security-plugin/configuration/ldap.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/_security-plugin/configuration/ldap.md b/_security-plugin/configuration/ldap.md index 294e3fd1e9..376f3ae5b9 100755 --- a/_security-plugin/configuration/ldap.md +++ b/_security-plugin/configuration/ldap.md @@ -431,9 +431,11 @@ rolesearch_enabled: false By default, the security plugin reads all LDAP user attributes and makes them available for index name variable substitution and DLS query variable substitution. If your LDAP entries have a lot of attributes, you might want to control which attributes should be made available. The fewer the attributes, the better the performance. +Note that this setting is made in the authentication `authc` section of the config.yml file. + Name | Description :--- | :--- -`custom_attr_whitelist` | String array. Specifies the LDAP attributes that should be made available for variable substitution. +`custom_attr_allowlist` | String array. Specifies the LDAP attributes that should be made available for variable substitution. `custom_attr_maxval_len` | Integer. Specifies the maximum allowed length of each attribute. All attributes longer than this value are discarded. A value of `0` disables custom attributes altogether. Default is 36. Example: @@ -446,7 +448,7 @@ authc: authentication_backend: type: ldap config: - custom_attr_whitelist: + custom_attr_allowlist: - attribute1 - attribute2 custom_attr_maxval_len: 36 From 8f9e4c6d00e78d22b21ab1fe49344c67eac41ac1 Mon Sep 17 00:00:00 2001 From: cwillum Date: Thu, 20 Oct 2022 13:54:38 -0700 Subject: [PATCH 2/2] fix#1584-custom_attr_allowlist2 Signed-off-by: cwillum --- _security-plugin/configuration/ldap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_security-plugin/configuration/ldap.md b/_security-plugin/configuration/ldap.md index 376f3ae5b9..398e350bed 100755 --- a/_security-plugin/configuration/ldap.md +++ b/_security-plugin/configuration/ldap.md @@ -503,7 +503,7 @@ Name | Description `skip_users` | Array of users that should be skipped when retrieving roles. Wildcards and regular expressions are supported. `nested_role_filter` | Array of role DNs that should be filtered before resolving nested roles. Wildcards and regular expressions are supported. `rolesearch_enabled` | Boolean. Enable or disable the role search. Default is `true`. -`custom_attr_whitelist` | String array. Specifies the LDAP attributes that should be made available for variable substitution. +`custom_attr_allowlist` | String array. Specifies the LDAP attributes that should be made available for variable substitution. `custom_attr_maxval_len` | Integer. Specifies the maximum allowed length of each attribute. All attributes longer than this value are discarded. A value of `0` disables custom attributes altogether. Default is 36.
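Review bot: The sentence added in the first hunk of patch 1/2 (@@ -431) says "this setting" but sits above a table that lists two settings, `custom_attr_allowlist` and `custom_attr_maxval_len`, so it is unclear which one it refers to. Suggest naming the settings explicitly or writing "these settings", putting config.yml in backticks to match `authc`, and moving the sentence next to the example, where the `authc` nesting is actually shown.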
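Review bot: The example in the second hunk of patch 1/2 (@@ -446) switches to `custom_attr_allowlist` without saying whether `custom_attr_whitelist` is still accepted or from which version the new name applies. The context paragraph in the first hunk states that by default all LDAP user attributes are read and made available for index name and DLS query substitution, so a reader who copies the new key onto a version that does not recognize it could be left with no attribute filtering at all. Suggest a one-line note beside the example stating the status of the old key.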
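Review bot: The row changed at @@ -503 in patch 2/2 sits in a second table, alongside `skip_users`, `nested_role_filter` and `rolesearch_enabled`, and the sentence added in patch 1/2 does not account for it: that sentence places "this setting" in the `authc` section only. Either mention this second location in the sentence or add a pointer from this table back to it, so readers do not see the same two rows documented twice with no stated relationship. Both patches make the same rename in the same file, so they could also be squashed into one commit.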