From 73f74366a514d47e6350542ea59827fcf47a1482 Mon Sep 17 00:00:00 2001
From: Chris Moore <107723039+cwillum@users.noreply.github.com>
Date: Thu, 20 Oct 2022 11:29:18 -0700
Subject: [PATCH] fix#1584-custom_attr_allowlist (#1636)

Signed-off-by: cwillum <cwmmoore@amazon.com>

Signed-off-by: cwillum <cwmmoore@amazon.com>
---
 _security-plugin/configuration/ldap.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/_security-plugin/configuration/ldap.md b/_security-plugin/configuration/ldap.md
index 294e3fd1e9..376f3ae5b9 100755
--- a/_security-plugin/configuration/ldap.md
+++ b/_security-plugin/configuration/ldap.md
@@ -431,9 +431,11 @@ rolesearch_enabled: false
 
 By default, the security plugin reads all LDAP user attributes and makes them available for index name variable substitution and DLS query variable substitution. If your LDAP entries have a lot of attributes, you might want to control which attributes should be made available. The fewer the attributes, the better the performance.
 
+Note that this setting is made in the authentication `authc` section of the config.yml file.
+
 Name | Description
 :--- | :---
-`custom_attr_whitelist`  | String array. Specifies the LDAP attributes that should be made available for variable substitution.
+`custom_attr_allowlist`  | String array. Specifies the LDAP attributes that should be made available for variable substitution.
 `custom_attr_maxval_len`  | Integer. Specifies the maximum allowed length of each attribute. All attributes longer than this value are discarded. A value of `0` disables custom attributes altogether. Default is 36.
 
 Example:
@@ -446,7 +448,7 @@ authc:
     authentication_backend:
       type: ldap
       config:
-        custom_attr_whitelist:
+        custom_attr_allowlist:
           - attribute1
           - attribute2
         custom_attr_maxval_len: 36