eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-04-28 10:28:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

website: fix typos (#20996)

Browse Source
This commit is contained in:
Dominic R
2026-03-20 12:43:34 -04:00
committed by GitHub
parent e3ddc0422a
commit 090d09fcdd
95 changed files with 279 additions and 280 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
website/docs/users-sources/sources/protocols/ldap/index.md
View File

@@ -2,7 +2,7 @@
title: LDAP Source
---
Sources allow you to connect authentik to an existing user directory. This source allows you to import users and groups from an LDAP Server.
Sources allow you to connect authentik to an existing user directory. This source allows you to import users and groups from an LDAP server.
:::info
For Active Directory, follow the [Active Directory Integration](../../directory-sync/active-directory/index.md)
@@ -49,7 +49,7 @@ To create or edit a source in authentik, open the Admin interface and navigate t
- **Additional Group DN**: Prepended to the base DN for group queries.
- **User object filter**: Consider objects matching this filter to be users.
- **Group object filter**: Consider objects matching this filter to be groups.
- **Lookup using a user attribute**: Acquire group membership from a User object attribute (`memberOf`) instead of a Group attribute (`member`). This works with directories with nested groups memberships (Active Directory, RedHat IDM/FreeIPA), using `memberOf:1.2.840.113556.1.4.1941:` as the group membership field.
- **Lookup using a user attribute**: Acquire group membership from a User object attribute (`memberOf`) instead of a Group attribute (`member`). This works with directories with nested group memberships (Active Directory, RedHat IDM/FreeIPA), using `memberOf:1.2.840.113556.1.4.1941:` as the group membership field.
- **Group membership field**: The user object attribute or the group object attribute that determines the group membership for a user. If **Lookup using a user attribute** is set, this should be a user object attribute, otherwise a group object attribute.
- **User membership attribute**: Attribute name on authentik user objects which is checked against the **Group membership field**. Two common cases are:
- If your groups have `member` attributes containing DNs, set this to `distinguishedName`. (The `distinguishedName` attribute for User objects in authentik is set automatically.)
@@ -62,7 +62,7 @@ See the [overview](../../property-mappings/index.md) for information on how prop
By default, authentik ships with [pre-configured mappings](#built-in-property-mappings) for the most common LDAP setups. These mappings can be found on the LDAP Source Configuration page in the Admin interface.
You can assign the value of a mapping to any user attribute. Keep in mind though, data types from the LDAP server will be carried over. This means that with some implementations, where fields are stored as array in LDAP, they will be saved as array in authentik. To prevent this, use the built-in `list_flatten` function. Here is an example mapping for the user's username and a custom attribute for a phone number:
You can assign the value of a mapping to any user attribute. Keep in mind, though, data types from the LDAP server will be carried over. This means that with some implementations, where fields are stored as an array in LDAP, they will be saved as an array in authentik. To prevent this, use the built-in `list_flatten` function. Here is an example mapping for the user's username and a custom attribute for a phone number:
```python
return {
@@ -75,7 +75,7 @@ return {
### Built-in property mappings
LDAP property mappings are used when you define a LDAP source. These mappings define which LDAP property maps to which authentik property. By default, the following mappings are created:
LDAP property mappings are used when you define an LDAP source. These mappings define which LDAP property maps to which authentik property. By default, the following mappings are created:
- `authentik default Active Directory Mapping: givenName`
- `authentik default Active Directory Mapping: sAMAccountName`
@@ -97,7 +97,7 @@ The following variables are available to LDAP source property mappings:
### Additional expression semantics
If you need to skip synchronization for a specific object, you can raise the `SkipObject` exception. To do so, create or modify a LDAP property mapping to use an expression to define the object to skip.
If you need to skip synchronization for a specific object, you can raise the `SkipObject` exception. To do so, create or modify an LDAP property mapping to use an expression to define the object to skip.
**Example:**