From fb67d57f80205b34b3497e87c1e41d182681b0e3 Mon Sep 17 00:00:00 2001 From: docs-action Date: Wed, 5 Feb 2025 12:55:46 +0000 Subject: [PATCH] Update from https://github.comt/treeverse/lakeFS/commit/f7ba626cc1a6071234c82112cf57c4604bcdb14b --- v1.49/assets/js/search-data.json | 6 +++--- v1.49/howto/garbage-collection/standalone-gc.html | 12 +++++++----- v1.49/security/sso.html | 4 ++-- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/v1.49/assets/js/search-data.json b/v1.49/assets/js/search-data.json index 7465f25e..411c2c15 100644 --- a/v1.49/assets/js/search-data.json +++ b/v1.49/assets/js/search-data.json @@ -4145,7 +4145,7 @@ },"592": { "doc": "Single Sign On (SSO)", "title": "LDAP", - "content": "Fluffy is incharge of providing LDAP authentication for lakeFS Enterprise. The authentication works by querying the LDAP server for user information and authenticating the user based on the provided credentials. Important: An administrative bind user must be configured. It should have search permissions for the LDAP server that will be used to query the LDAP server for user information. For Helm: set the following attributes in the Helm chart values, for lakeFS lakefsConfig.* and fluffyConfig.* for fluffy. No Helm: If not using Helm use the YAML below to directly update the configuration file for each service. lakeFS Configuration: . | Replace auth.remote_authenticator.enabled with true | Replace auth.remote_authenticator.endpoint with the fluffy authentication server URL combined with the api/v1/ldap/login suffix (e.g http://lakefs.company.com/api/v1/ldap/login) | . fluffy Configuration: . See Fluffy configuration reference. | Repalce auth.ldap.remote_authenticator.server_endpoint with your LDAP server endpoint (e.g ldaps://ldap.ldap-address.com:636) | Replace auth.ldap.remote_authenticator.bind_dn with the LDAP bind user/permissions to query your LDAP server. | Replace auth.ldap.remote_authenticator.user_base_dn with the user base to search users in. | . lakeFS Server Configuration file: . $lakefs run -c ./lakefs.yaml . # Important: make sure to include the rest of your lakeFS Configuration here! auth: remote_authenticator: enabled: true endpoint: http://<Fluffy URL>:<Fluffy http port>/api/v1/ldap/login default_user_group: \"Developers\" # Value needs to correspond with an existing group in lakeFS ui_config: logout_url: /logout login_cookie_names: - internal_auth_session . Fluffy Configuration file: . $fluffy run -c ./fluffy.yaml . logging: format: \"json\" level: \"INFO\" audit_log_level: \"INFO\" output: \"=\" installation: fixed_id: fluffy-authenticator auth: post_login_redirect_url: / ldap: server_endpoint: 'ldaps://ldap.company.com:636' bind_dn: uid=<bind-user-name>,ou=<some-ou>,o=<org-id>,dc=<company>,dc=com bind_password: '<ldap pwd>' username_attribute: uid user_base_dn: ou=<some-ou>,o=<org-id>,dc=<company>,dc=com user_filter: (objectClass=inetOrgPerson) connection_timeout_seconds: 15 request_timeout_seconds: 7 . ", + "content": "Fluffy is incharge of providing LDAP authentication for lakeFS Enterprise. The authentication works by querying the LDAP server for user information and authenticating the user based on the provided credentials. Important: An administrative bind user must be configured. It should have search permissions for the LDAP server that will be used to query the LDAP server for user information. For Helm: set the following attributes in the Helm chart values, for lakeFS lakefsConfig.* and fluffyConfig.* for fluffy. No Helm: If not using Helm use the YAML below to directly update the configuration file for each service. lakeFS Configuration: . | Replace auth.remote_authenticator.enabled with true | Replace auth.remote_authenticator.endpoint with the fluffy authentication server URL combined with the api/v1/ldap/login suffix (e.g http://lakefs.company.com/api/v1/ldap/login) | . fluffy Configuration: . See Fluffy configuration reference. | Replace auth.ldap.remote_authenticator.server_endpoint with your LDAP server endpoint (e.g ldaps://ldap.ldap-address.com:636) | Replace auth.ldap.remote_authenticator.bind_dn with the LDAP bind user/permissions to query your LDAP server. | Replace auth.ldap.remote_authenticator.user_base_dn with the user base to search users in. | . lakeFS Server Configuration file: . $lakefs run -c ./lakefs.yaml . # Important: make sure to include the rest of your lakeFS Configuration here! auth: remote_authenticator: enabled: true endpoint: http://<Fluffy URL>:<Fluffy http port>/api/v1/ldap/login default_user_group: \"Developers\" # Value needs to correspond with an existing group in lakeFS ui_config: logout_url: /logout login_cookie_names: - internal_auth_session . Fluffy Configuration file: . $fluffy run -c ./fluffy.yaml . logging: format: \"json\" level: \"INFO\" audit_log_level: \"INFO\" output: \"=\" installation: fixed_id: fluffy-authenticator auth: post_login_redirect_url: / ldap: server_endpoint: 'ldaps://ldap.company.com:636' bind_dn: uid=<bind-user-name>,ou=<some-ou>,o=<org-id>,dc=<company>,dc=com bind_password: '<ldap pwd>' username_attribute: uid user_base_dn: ou=<some-ou>,o=<org-id>,dc=<company>,dc=com user_filter: (objectClass=inetOrgPerson) connection_timeout_seconds: 15 request_timeout_seconds: 7 . ", "url": "/v1.49/security/sso.html#ldap", "relUrl": "/security/sso.html#ldap" @@ -4166,7 +4166,7 @@ },"595": { "doc": "Standalone Garbage Collection", "title": "Table of contents", - "content": ". | What is Standalone GC? | Limitations | Installation . | Step 1: Obtain Dockerhub token | Step 2: Login to Dockerhub with this token | Step 3: Download the docker image | . | Setup . | Permissions | Credentials | Using S3-compatible clients | Configuration | . | How to Run Standalone GC? . | Command line reference | Get the List of Objects Marked for Deletion | Delete marked objects | . | Lab tests | . ", + "content": ". | What is Standalone GC? | Limitations | Installation . | Step 1: Obtain DockerHub token | Step 2: Login to DockerHub with this token | Step 3: Download the docker image | . | Setup . | Permissions | Credentials | Using S3-compatible clients | Configuration | . | How to Run Standalone GC? . | Command line reference | Get the List of Objects Marked for Deletion | Delete marked objects | . | Lab tests | . ", "url": "/v1.49/howto/garbage-collection/standalone-gc.html#table-of-contents", "relUrl": "/howto/garbage-collection/standalone-gc.html#table-of-contents" @@ -4187,7 +4187,7 @@ },"598": { "doc": "Standalone Garbage Collection", "title": "Installation", - "content": "Step 1: Obtain Dockerhub token . lakeFS Enterprise customers . Contact your account manager to verify that Standalone GC is included in your license. Then use your dockerhub token for the externallakefs user. New to lakeFS Enterprise . Please contact us to get trial access to Standalone GC. Step 2: Login to Dockerhub with this token . docker login -u <token> . Step 3: Download the docker image . Download the image from the lakefs-sgc repository: . docker pull treeverse/lakefs-sgc:<tag> . ", + "content": "Step 1: Obtain DockerHub token . lakeFS Enterprise customers . Contact your account manager to verify that Standalone GC is included in your license. Then use your dockerhub token for the externallakefs user. New to lakeFS Enterprise . Please contact us to get trial access to Standalone GC. Step 2: Login to DockerHub with this token . docker login -u <token> . Step 3: Download the docker image . Download the treeverse/lakefs-sgc image from Docker Hub: . docker pull treeverse/lakefs-sgc:<tag> . ", "url": "/v1.49/howto/garbage-collection/standalone-gc.html#installation", "relUrl": "/howto/garbage-collection/standalone-gc.html#installation" diff --git a/v1.49/howto/garbage-collection/standalone-gc.html b/v1.49/howto/garbage-collection/standalone-gc.html index 2757ba92..5f27408f 100644 --- a/v1.49/howto/garbage-collection/standalone-gc.html +++ b/v1.49/howto/garbage-collection/standalone-gc.html @@ -590,8 +590,8 @@

  • What is Standalone GC?
  • Limitations
  • Installation
      -
    1. Step 1: Obtain Dockerhub token
      2. -
    2. Step 2: Login to Dockerhub with this token
      3. +
    3. Step 1: Obtain DockerHub token
      4. +
    4. Step 2: Login to DockerHub with this token
    5. Step 3: Download the docker image
    • @@ -649,7 +649,7 @@

    - Step 1: Obtain Dockerhub token + Step 1: Obtain DockerHub token

    @@ -678,7 +678,7 @@

    - Step 2: Login to Dockerhub with this token + Step 2: Login to DockerHub with this token

    @@ -695,7 +695,8 @@

    -

    Download the image from the lakefs-sgc repository:

    +

    Download the treeverse/lakefs-sgc image from Docker Hub:

    + 
    docker pull treeverse/lakefs-sgc:<tag>

    @@ -726,6 +727,7 @@

    The minimum required permissions for AWS or S3-compatible storage are:

    + 
    {
   "Version": "2012-10-17",
   "Statement": [
diff --git a/v1.49/security/sso.html b/v1.49/security/sso.html
index e1b05326..6773e05f 100644
--- a/v1.49/security/sso.html
+++ b/v1.49/security/sso.html
@@ -956,7 +956,7 @@ 
    
     
    See Fluffy configuration reference.
    
 
     
      
-      
    1. Repalce auth.ldap.remote_authenticator.server_endpoint with your LDAP server endpoint  (e.g ldaps://ldap.ldap-address.com:636)
      2. 
+      
    2. Replace auth.ldap.remote_authenticator.server_endpoint with your LDAP server endpoint  (e.g ldaps://ldap.ldap-address.com:636)
      3. 
       
    3. Replace auth.ldap.remote_authenticator.bind_dn with the LDAP bind user/permissions to query your LDAP server.
      4. 
       
    4. Replace auth.ldap.remote_authenticator.user_base_dn with the user base to search users in.
      5. 
     
    
@@ -1028,7 +1028,7 @@ 
    
 
    
     
 
-    
    Auth issues (e.g. user not found, invalid credentials) can be debugged with the ldapwhoami CLI tool.
    
+    
    Auth issues (e.g. user not found, invalid credentials) can be debugged with the ldapwhoami CLI tool.
    
 
     
    The Examples are based on the fluffy config above: