Skip to content

[v13] docs: add missing server_name to LDAP config #26692

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zmb3 merged 1 commit into from
May 23, 2023
Merged

[v13] docs: add missing server_name to LDAP config #26692

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 21 additions & 16 deletions docs/pages/includes/config-reference/desktop-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,27 @@ windows_desktop_service:
# For best results, this address should point to a highly-available
# endpoint (a load balancer, VIP, or round-robin DNS) rather than
# a single domain controller.
addr: '$LDAP_SERVER_ADDRESS'
addr: '$LDAP_SERVER_ADDRESS'
# Optional: the server name to use when validating the LDAP server's
# certificate. Useful in cases where addr is an IP but the server
# presents a cert with some other hostname.
server_name: '$LDAP_SERVER_NAME'
# You can skip LDAPS certificate verification by setting
# this to true. It is recommended that this be set to false
# and the certificate added your system's trusted repository,
# or provided as a PEM encoded certificate using ldap_ca_cert variable.
# You can provide a filepath with der_ca_file, but this behavior is deprecated.
insecure_skip_verify: false
# PEM encoded LDAP CA certificate.
ldap_ca_cert: |
-----BEGIN CERTIFICATE-----
*certificate data*
-----END CERTIFICATE-----
# DER encoded LDAP CA certificate.
# deprecated: prefer ldap_ca_cert instead
der_ca_file: /path/to/cert
# Active Directory domain name you are connecting to.
domain: '$LDAP_DOMAIN_NAME'
domain: '$LDAP_DOMAIN_NAME'
# LDAP username for authentication. This username must include the domain
# NetBIOS name. The use of single quotes here is intentional in order to
# avoid the need to escape the backslash (\) character.
Expand All @@ -45,20 +63,7 @@ windows_desktop_service:
# filter = (&(objectCategory=person)(objectClass=user)(sAMAccountName=$LDAP_USERNAME))
# and requesting the attribute = objectSid
sid: '$LDAP_USER_SID'
# You can skip LDAPS certificate verification by setting
# this to true. It is recommended that this be set to false
# and the certificate added your system's trusted repository,
# or provided as a PEM encoded certificate using ldap_ca_cert variable.
# You can provide a filepath with der_ca_file, but this behavior is deprecated.
insecure_skip_verify: false
# PEM encoded LDAP CA certificate.
ldap_ca_cert: |
-----BEGIN CERTIFICATE-----
*certificate data*
-----END CERTIFICATE-----
# DER encoded LDAP CA certificate.
# deprecated: prefer ldap_ca_cert instead
der_ca_file: /path/to/cert


# (optional) hosts is a list of hostnames to register as WindowsDesktop
# objects in Teleport. These hosts must be part of the Active Directory
Expand Down