mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-21 15:12:02 +00:00
Fix YAML lint
This commit is contained in:
Alexey Milovidov
parent
f80e6535b0
commit
9edfc1641a
@ -391,56 +391,57 @@ user_directories:
|
||||
local_directory:
|
||||
# Path to folder where users created by SQL commands are stored.
|
||||
path: /var/lib/clickhouse/access/
|
||||
# To add an LDAP server as a remote user directory of users that are not defined locally, define a single 'ldap' section
|
||||
# with the following parameters:
|
||||
# server - one of LDAP server names defined in 'ldap_servers' config section above.
|
||||
# This parameter is mandatory and cannot be empty.
|
||||
# roles - section with a list of locally defined roles that will be assigned to each user retrieved from the LDAP server.
|
||||
# If no roles are specified here or assigned during role mapping (below), user will not be able to perform any
|
||||
# actions after authentication.
|
||||
# role_mapping - section with LDAP search parameters and mapping rules.
|
||||
# When a user authenticates, while still bound to LDAP, an LDAP search is performed using search_filter and the
|
||||
# name of the logged in user. For each entry found during that search, the value of the specified attribute is
|
||||
# extracted. For each attribute value that has the specified prefix, the prefix is removed, and the rest of the
|
||||
# value becomes the name of a local role defined in ClickHouse, which is expected to be created beforehand by
|
||||
# CREATE ROLE command.
|
||||
# There can be multiple 'role_mapping' sections defined inside the same 'ldap' section. All of them will be
|
||||
# applied.
|
||||
# base_dn - template used to construct the base DN for the LDAP search.
|
||||
# The resulting DN will be constructed by replacing all '{user_name}', '{bind_dn}', and '{user_dn}'
|
||||
# substrings of the template with the actual user name, bind DN, and user DN during each LDAP search.
|
||||
# scope - scope of the LDAP search.
|
||||
# Accepted values are: 'base', 'one_level', 'children', 'subtree' (the default).
|
||||
# search_filter - template used to construct the search filter for the LDAP search.
|
||||
# The resulting filter will be constructed by replacing all '{user_name}', '{bind_dn}', '{user_dn}', and
|
||||
# '{base_dn}' substrings of the template with the actual user name, bind DN, user DN, and base DN during
|
||||
# each LDAP search.
|
||||
# Note, that the special characters must be escaped properly in XML.
|
||||
# attribute - attribute name whose values will be returned by the LDAP search. 'cn', by default.
|
||||
# prefix - prefix, that will be expected to be in front of each string in the original list of strings returned by
|
||||
# the LDAP search. Prefix will be removed from the original strings and resulting strings will be treated
|
||||
# as local role names. Empty, by default.
|
||||
# Example:
|
||||
# ldap:
|
||||
# server: my_ldap_server
|
||||
# roles:
|
||||
# my_local_role1: ''
|
||||
# my_local_role2: ''
|
||||
# role_mapping:
|
||||
# base_dn: 'ou=groups,dc=example,dc=com'
|
||||
# scope: subtree
|
||||
# search_filter: '(&(objectClass=groupOfNames)(member={bind_dn}))'
|
||||
# attribute: cn
|
||||
# prefix: clickhouse_
|
||||
# Example (typical Active Directory with role mapping that relies on the detected user DN):
|
||||
# ldap:
|
||||
# server: my_ad_server
|
||||
# role_mapping:
|
||||
# base_dn: 'CN=Users,DC=example,DC=com'
|
||||
# attribute: CN
|
||||
# scope: subtree
|
||||
# search_filter: '(&(objectClass=group)(member={user_dn}))'
|
||||
# prefix: clickhouse_
|
||||
|
||||
# # To add an LDAP server as a remote user directory of users that are not defined locally, define a single 'ldap' section
|
||||
# # with the following parameters:
|
||||
# # server - one of LDAP server names defined in 'ldap_servers' config section above.
|
||||
# # This parameter is mandatory and cannot be empty.
|
||||
# # roles - section with a list of locally defined roles that will be assigned to each user retrieved from the LDAP server.
|
||||
# # If no roles are specified here or assigned during role mapping (below), user will not be able to perform any
|
||||
# # actions after authentication.
|
||||
# # role_mapping - section with LDAP search parameters and mapping rules.
|
||||
# # When a user authenticates, while still bound to LDAP, an LDAP search is performed using search_filter and the
|
||||
# # name of the logged in user. For each entry found during that search, the value of the specified attribute is
|
||||
# # extracted. For each attribute value that has the specified prefix, the prefix is removed, and the rest of the
|
||||
# # value becomes the name of a local role defined in ClickHouse, which is expected to be created beforehand by
|
||||
# # CREATE ROLE command.
|
||||
# # There can be multiple 'role_mapping' sections defined inside the same 'ldap' section. All of them will be
|
||||
# # applied.
|
||||
# # base_dn - template used to construct the base DN for the LDAP search.
|
||||
# # The resulting DN will be constructed by replacing all '{user_name}', '{bind_dn}', and '{user_dn}'
|
||||
# # substrings of the template with the actual user name, bind DN, and user DN during each LDAP search.
|
||||
# # scope - scope of the LDAP search.
|
||||
# # Accepted values are: 'base', 'one_level', 'children', 'subtree' (the default).
|
||||
# # search_filter - template used to construct the search filter for the LDAP search.
|
||||
# # The resulting filter will be constructed by replacing all '{user_name}', '{bind_dn}', '{user_dn}', and
|
||||
# # '{base_dn}' substrings of the template with the actual user name, bind DN, user DN, and base DN during
|
||||
# # each LDAP search.
|
||||
# # Note, that the special characters must be escaped properly in XML.
|
||||
# # attribute - attribute name whose values will be returned by the LDAP search. 'cn', by default.
|
||||
# # prefix - prefix, that will be expected to be in front of each string in the original list of strings returned by
|
||||
# # the LDAP search. Prefix will be removed from the original strings and resulting strings will be treated
|
||||
# # as local role names. Empty, by default.
|
||||
# # Example:
|
||||
# # ldap:
|
||||
# # server: my_ldap_server
|
||||
# # roles:
|
||||
# # my_local_role1: ''
|
||||
# # my_local_role2: ''
|
||||
# # role_mapping:
|
||||
# # base_dn: 'ou=groups,dc=example,dc=com'
|
||||
# # scope: subtree
|
||||
# # search_filter: '(&(objectClass=groupOfNames)(member={bind_dn}))'
|
||||
# # attribute: cn
|
||||
# # prefix: clickhouse_
|
||||
# # Example (typical Active Directory with role mapping that relies on the detected user DN):
|
||||
# # ldap:
|
||||
# # server: my_ad_server
|
||||
# # role_mapping:
|
||||
# # base_dn: 'CN=Users,DC=example,DC=com'
|
||||
# # attribute: CN
|
||||
# # scope: subtree
|
||||
# # search_filter: '(&(objectClass=group)(member={user_dn}))'
|
||||
# # prefix: clickhouse_
|
||||
|
||||
# Default profile of settings.
|
||||
default_profile: default
|
||||
|
||||
Loading…
Reference in New Issue
Block a user