From 70a83d172d2c050825981bfbac6720aafb6c750d Mon Sep 17 00:00:00 2001 From: Manfred Moser Date: Thu, 24 Jun 2021 15:51:32 -0700 Subject: [PATCH] Add LDAP service user info --- docs/src/main/sphinx/security/ldap.rst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/src/main/sphinx/security/ldap.rst b/docs/src/main/sphinx/security/ldap.rst index c73f96010e50b..f42b0c7b1bd24 100644 --- a/docs/src/main/sphinx/security/ldap.rst +++ b/docs/src/main/sphinx/security/ldap.rst @@ -171,6 +171,8 @@ Authorization using Trino LDAP service user ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trino server can use dedicated LDAP service user for doing user group membership queries. +You can use this configuration to support multiple domains. + In such case Trino will first issue a group membership query for a Trino user that needs to be authenticated. A user distinguished name will be extracted from a group membership query result. Trino will then validate user password by creating LDAP context with @@ -182,7 +184,8 @@ Property Description ======================================================= ====================================================== ``ldap.bind-dn`` Bind distinguished name used by Trino when issuing group membership queries. - Example: ``CN=admin,OU=CITY_OU,OU=STATE_OU,DC=domain`` + Example values: ``CN=admin,OU=CITY_OU,OU=STATE_OU,DC=domain`` + or ``trino-service@example.com`` ``ldap.bind-password`` Bind password used by Trino when issuing group membership queries. Example: ``password1234``