Default groupSearch.attributes.groupName to "dn" instead of "cn"

- DNs are more unique than CNs, so it feels like a safer default
2026-01-07 14:05:50 +00:00 · 2021-05-28 13:27:11 -07:00
parent a741041737
commit cedbe82bbb
19 changed files with 81 additions and 45 deletions
--- a/generated/1.18/README.adoc
+++ b/generated/1.18/README.adoc
@@ -852,7 +852,7 @@ LDAPIdentityProvider describes the configuration of an upstream Lightweight Dire
 [cols="25a,75a", options="header"]
 |===
 | Field | Description
-| *`groupName`* __string__ | GroupName specifies the name of the attribute in the LDAP entries whose value shall become a group name in the user's list of groups after a successful authentication. The value of this field is case-sensitive and must match the case of the attribute name returned by the LDAP server in the user's entry. Distinguished names can be used by specifying lower-case "dn". Optional. When not specified, the default will act as if the GroupName were specified as "cn" (common name).
+| *`groupName`* __string__ | GroupName specifies the name of the attribute in the LDAP entries whose value shall become a group name in the user's list of groups after a successful authentication. The value of this field is case-sensitive and must match the case of the attribute name returned by the LDAP server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn". Optional. When not specified, the default will act as if the GroupName were specified as "dn" (distinguished name).
 |===


--- a/generated/1.18/apis/supervisor/idp/v1alpha1/types_ldapidentityprovider.go
+++ b/generated/1.18/apis/supervisor/idp/v1alpha1/types_ldapidentityprovider.go
@@ -68,8 +68,8 @@ type LDAPIdentityProviderGroupSearchAttributes struct {
 	// GroupName specifies the name of the attribute in the LDAP entries whose value shall become a group name
 	// in the user's list of groups after a successful authentication.
 	// The value of this field is case-sensitive and must match the case of the attribute name returned by the LDAP
-	// server in the user's entry. Distinguished names can be used by specifying lower-case "dn".
-	// Optional. When not specified, the default will act as if the GroupName were specified as "cn" (common name).
+	// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
+	// Optional. When not specified, the default will act as if the GroupName were specified as "dn" (distinguished name).
 	// +optional
 	GroupName string `json:"groupName,omitempty"`
 }
--- a/generated/1.18/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml
+++ b/generated/1.18/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml
@@ -86,10 +86,10 @@ spec:
                          in the user's list of groups after a successful authentication.
                          The value of this field is case-sensitive and must match
                          the case of the attribute name returned by the LDAP server
-                          in the user's entry. Distinguished names can be used by
-                          specifying lower-case "dn". Optional. When not specified,
-                          the default will act as if the GroupName were specified
-                          as "cn" (common name).
+                          in the user's entry. E.g. "cn" for common name. Distinguished
+                          names can be used by specifying lower-case "dn". Optional.
+                          When not specified, the default will act as if the GroupName
+                          were specified as "dn" (distinguished name).
                        type: string
                    type: object
                  base: