docs: LDAP separate credentials file

Signed-off-by: mbshields <[email protected]>
project-zot · Nov 16, 2023 · 2941089 · 2941089
1 parent b832c98
commit 2941089
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 6 deletions.
diff --git a/docs/articles/authn-authz.md b/docs/articles/authn-authz.md
@@ -116,6 +116,7 @@ zot supports integration with an LDAP-based authentication service such as Micro
 ...
   "auth": {
     "ldap": {
+      "credentialsFile": "examples/config-ldap-credentials.json",
       "address": "ldap.example.org",
       "port": 389,
       "startTLS": false,
@@ -131,22 +132,38 @@ zot supports integration with an LDAP-based authentication service such as Micro
 }
 ```
 
-The following table lists the configurable attributes for LDAP
-authentication.
+The following table lists the configurable attributes for LDAP authentication.
 
 | Attribute       | Description                                                                      |
 |-----------------|----------------------------------------------------------------------------------|
+| `credentialsFile` | The path to a file containing the bind credentials for LDAP.                   |
 | `address`       | The IP address or hostname of the LDAP server.                                   |
 | `port`          | The port number used by the LDAP service.                                        |
 | `startTLS`      | Set to `true` to enable TLS communication with the LDAP server.                  |
 | `baseDN`        | Starting location within the LDAP directory for performing user searches.        |
-| `userAttribute` | Attribute name used to obtain the username.                                                  |
-| `userGroupAttribute` | Attribute name used to obtain groups to which a user belongs.                                            |
-| `bindDN`        | Base Distinguished Name for the LDAP search.                                     |
-| `bindPassword`  | Password of the bind LDAP user.                                                  |
+| `userAttribute` | Attribute name used to obtain the username.                                      |
+| `userGroupAttribute` | Attribute name used to obtain groups to which a user belongs.               |
 | `skipVerify`    | Skip TLS verification.                                                           |
 | `subtreeSearch` | Set to `true` to expand the scope for search to include subtrees of the base DN. |
 
+
+A local file contains the bind credentials for the LDAP server, as shown in the following example. 
+
+``` json
+{
+  "bindDN":"cn=ldap-searcher,ou=Users,dc=example,dc=org",
+  "bindPassword":"ldap-searcher-password"
+}
+```
+
+The following table lists the configurable attributes of the LDAP credentials file.
+
+| Attribute       | Description                                                                      |
+|-----------------|----------------------------------------------------------------------------------|
+| `bindDN`        | Base Distinguished Name for the LDAP search.                                     |
+| `bindPassword`  | Password of the bind LDAP user.                                                  |
+
+
 ### htpasswd
 
 Enable and configure `htpasswd` authentication in the zot

diff --git a/docs/general/whats-new.md b/docs/general/whats-new.md
@@ -30,6 +30,10 @@
 
 - The validity of an image's signature can be [verified](../articles/verifying-signatures.md) by zot. Users can upload public keys or certificates to zot.
 
+### LDAP credentials stored apart from configuration
+
+- The LDAP credentials are removed from zot's LDAP configuration and stored in a separate file. See zot's [LDAP documentation](../articles/authn-authz.md).
+
 ### Storage deduplication on startup
 
 - [Deduplication](../articles/storage.md), a storage space saving feature, now runs or reverts at startup depending on whether the feature is enabled or disabled. You can trigger deduplication by enabling it and then restarting zot.