Add documentation for exclude_roles settings for LDAP security config (…

…opensearch-project#6399) * Add documentation for exclude_roles settings for LDAP security config Signed-off-by: Craig Perkins <cwperx@amazon.com> * Match skip_users language Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com>
lukas-vlcek · Feb 15, 2024 · 9c8180e · 9c8180e
1 parent f283585
commit 9c8180e
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/_security/authentication-backends/ldap.md b/_security/authentication-backends/ldap.md
@@ -509,6 +509,7 @@ Name | Description
 `resolve_nested_roles`  | Boolean. Whether or not to resolve nested roles. Default is `false`.
 `max_nested_depth`  | Integer. When `resolve_nested_roles` is `true`, this defines the maximum number of nested roles to traverse. Setting smaller values can reduce the amount of data retrieved from LDAP and improve authentication times at the cost of failing to discover deeply nested roles. Default is `30`.
 `skip_users`  | Array of users that should be skipped when retrieving roles. Wildcards and regular expressions are supported.
+`exclude_roles`  | Array of roles that should be excluded when retrieving roles. Wildcards are supported.
 `nested_role_filter`  | Array of role DNs that should be filtered before resolving nested roles. Wildcards and regular expressions are supported.
 `rolesearch_enabled`  | Boolean. Enable or disable the role search. Default is `true`.
 `custom_attr_allowlist`  | String array. Specifies the LDAP attributes that should be made available for variable substitution.