File tree Expand file tree Collapse file tree 1 file changed +12
-0
lines changed
docs/modules/opa/pages/usage-guide Expand file tree Collapse file tree 1 file changed +12
-0
lines changed Original file line number Diff line number Diff line change @@ -110,6 +110,18 @@ spec:
110110<7> The name of the SecretClass that knows how to create Kerberos keytabs trusted by Active Directory
111111<8> The name of the SecretClass that contains the Active Directory's root CA certificate(s)
112112
113+
114+ When retrieving user groups from Active Directory, the user info fetcher filters by both `upn` as well as `sAmAccountName` using the following query:
115+
116+ [source]
117+ ----
118+ (&(objectClass=user)(|(userPrincipalName=<upn>@<realm>)(userPrincipalName=<upn>)(sAMAccountName=<upn>)))
119+ ----
120+
121+ where `<upn>` is the user principal name of the user and `<realm>` is the realm of the user.
122+
123+ The above is to accommodate for different Active Directory user management strategies and is subject to change in future releases.
124+
113125[#backend-entra]
114126=== Entra
115127
You can’t perform that action at this time.
0 commit comments