diff --git a/source/includes/common-minio-external-auth.rst b/source/includes/common-minio-external-auth.rst index a53beedc..ee355948 100644 --- a/source/includes/common-minio-external-auth.rst +++ b/source/includes/common-minio-external-auth.rst @@ -278,6 +278,12 @@ For example: (&(objectclass=groupOfNames)(memberUid=%s)) + +When providing an AD/LDAP group search filter, configure a filter that returns the minimum number of relevant groups for the purpose of supporting authentication. +Filters that return large group assignments increase the size of associated calls and resources. +Functions sensitive to large request or response bodies may exhibit unexpected behaviors as a result. + + .. end-minio-ad-ldap-group-search-filter .. start-minio-ad-ldap-group-search-base-dn @@ -454,4 +460,4 @@ Defaults to off Specify a comment to associate to the external access management configuration. -.. end-minio-access-management-plugin-comment \ No newline at end of file +.. end-minio-access-management-plugin-comment diff --git a/source/operations/external-iam/configure-ad-ldap-external-identity-management.rst b/source/operations/external-iam/configure-ad-ldap-external-identity-management.rst index 1ea0260e..ef890587 100644 --- a/source/operations/external-iam/configure-ad-ldap-external-identity-management.rst +++ b/source/operations/external-iam/configure-ad-ldap-external-identity-management.rst @@ -191,6 +191,10 @@ An AD/LDAP user with no assigned policy *and* with membership in groups with no For complete documentation on these variables, see :ref:`minio-server-envvar-external-identity-management-ad-ldap` + When providing an AD/LDAP group search filter, configure a filter that returns the minimum number of relevant groups for the purpose of supporting authentication. + Filters that return large group assignments increase the size of associated calls and resources. + Functions sensitive to large request or response bodies may exhibit unexpected behaviors as a result. + 2) Restart the MinIO Deployment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/reference/minio-server/settings/iam/ldap.rst b/source/reference/minio-server/settings/iam/ldap.rst index 550deab9..89cda804 100644 --- a/source/reference/minio-server/settings/iam/ldap.rst +++ b/source/reference/minio-server/settings/iam/ldap.rst @@ -265,6 +265,11 @@ Group Search Filter .. include:: /includes/common-minio-external-auth.rst :start-after: start-minio-ad-ldap-group-search-filter :end-before: end-minio-ad-ldap-group-search-filter + +When providing an AD/LDAP group search filter, configure a filter that returns the minimum number of relevant groups for the purpose of supporting authentication. +Filters that return large group assignments increase the size of associated calls and resources. +Functions sensitive to large request or response bodies may exhibit unexpected behaviors as a result. + Group Search Base DN ~~~~~~~~~~~~~~~~~~~~ @@ -398,4 +403,4 @@ Comment .. include:: /includes/common-minio-external-auth.rst :start-after: start-minio-ad-ldap-comment - :end-before: end-minio-ad-ldap-comment \ No newline at end of file + :end-before: end-minio-ad-ldap-comment