Skip to content

Commit 1e47882

Browse files
cheeliocheelio
committed
Make group providers consistent
1 parent 22e535e commit 1e47882

File tree

1 file changed

+8
-20
lines changed

1 file changed

+8
-20
lines changed

docs/src/main/sphinx/security/group-mapping.md

Lines changed: 8 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -39,12 +39,12 @@ configuration of the chosen group provider must be included in the same file.
3939
(file-group-provider)=
4040
## File group provider
4141

42-
the file group provider resolves group memberships with the configuration in
42+
The file group provider resolves group memberships with the configuration in
4343
the group-provider.properties file on the coordinator.
4444

45-
### Group file configuration
45+
### Configuration
4646

47-
Enable group file by creating an `etc/group-provider.properties`
47+
Enable the file group provider by creating an `etc/group-provider.properties`
4848
file on the coordinator:
4949

5050
```properties
@@ -95,8 +95,6 @@ on the coordinator:
9595
group-provider.name=ldap
9696
```
9797

98-
#### Generic LDAP properties
99-
10098
:::{list-table} Generic LDAP properties
10199
:widths: 40, 40, 20
102100
:header-rows: 1
@@ -153,19 +151,8 @@ group-provider.name=ldap
153151
:::
154152

155153
Group resolution behavior is controlled by the `ldap.use-group-filter` property.
156-
157-
:::{list-table} Group resolution strategy
158-
:widths: 40, 60
159-
:header-rows: 1
160-
* - Property name
161-
- Description
162-
* - `ldap.use-group-filter`
163-
- Whether to use search-based group resolution. Defaults to `true`.
164-
If `false`, Trino uses the attribute-based method.
165-
:::
166-
167-
Trino searches for group entries that include the user DN. This requires the
168-
following properties:
154+
With search-based group resolution, Trino searches for group entries that
155+
include the user DN. This requires the following properties:
169156

170157
:::{list-table} Search-based group resolution
171158
:widths: 40, 40, 20
@@ -184,8 +171,8 @@ following properties:
184171
- `cn`
185172
:::
186173

187-
Trino reads the group list directly from a user attribute. This requires the
188-
following property:
174+
In case of attribute-based group resolution, Trino reads the group list
175+
directly from a user attribute. This requires the following property:
189176

190177
:::{list-table} attribute-based (single query) group resolution
191178
:widths: 40, 40, 40
@@ -198,6 +185,7 @@ following property:
198185
- Group membership attribute in user documents.
199186
- `memberOf`
200187
:::
188+
201189
### Example configurations
202190

203191
The following configuration is an example for an OpenLDAP (search-based)

0 commit comments

Comments
 (0)