summary refs log tree commit diff
path: root/docs/usage/configuration/config_documentation.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/usage/configuration/config_documentation.md')
-rw-r--r--docs/usage/configuration/config_documentation.md39
1 files changed, 30 insertions, 9 deletions
diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md

index 5351bef83a..3927b9ca14 100644
--- a/docs/usage/configuration/config_documentation.md
+++ b/docs/usage/configuration/config_documentation.md
@@ -2887,6 +2887,20 @@ Example configuration:
 inhibit_user_in_use_error: true
 ```
 ---
+### `allow_underscore_prefixed_registration`
+
+Whether users are allowed to register with a underscore-prefixed localpart.
+By default, AppServices use prefixes like `_example` to namespace their
+associated ghost users. If turned on, this may result in clashes or confusion.
+Useful when provisioning users from an external identity provider.
+
+Defaults to false.
+
+Example configuration:
+```yaml
+allow_underscore_prefixed_registration: false
+```
+---
 ## User session management
 ---
 ### `session_lifetime`
@@ -3768,17 +3782,23 @@ match particular values in the OIDC userinfo. The requirements can be listed und
 ```yaml
 attribute_requirements:
      - attribute: family_name
-       value: "Stephensson"
+       one_of: ["Stephensson", "Smith"]
      - attribute: groups
        value: "admin"
+     # If `value` or `one_of` are not specified, the attribute only needs
+     # to exist, regardless of value.
+     - attribute: picture
 ```
+
+`attribute` is a required field, while `value` and `one_of` are optional.
+
 All of the listed attributes must match for the login to be permitted. Additional attributes can be added to
 userinfo by expanding the `scopes` section of the OIDC config to retrieve
 additional information from the OIDC provider.
 
 If the OIDC claim is a list, then the attribute must match any value in the list.
 Otherwise, it must exactly match the value of the claim. Using the example
-above, the `family_name` claim MUST be "Stephensson", but the `groups`
+above, the `family_name` claim MUST be either "Stephensson" or "Smith", but the `groups`
 claim MUST contain "admin".
 
 Example configuration:
@@ -4331,28 +4351,29 @@ room list by default_
 Example configuration:
 
 ```yaml
-# No rule list specified. Anyone may publish any room to the public list.
+# No rule list specified. No one may publish any room to the public list, except server admins.
 # This is the default behaviour.
 room_list_publication_rules:
 ```
 
 ```yaml
-# A list of one rule which allows everything.
+# A list of one rule which denies everything.
 # This has the same effect as the previous example.
 room_list_publication_rules:
-  - "action": "allow"
+  - "action": "deny"
 ```
 
 ```yaml
-# An empty list of rules. No-one may publish to the room list.
+# An empty list of rules.
+# This has the same effect as the previous example.
 room_list_publication_rules: []
 ```
 
 ```yaml
-# A list of one rule which denies everything.
-# This has the same effect as the previous example.
+# A list of one rule which allows everything.
+# This was the default behaviour pre v1.126.0.
 room_list_publication_rules:
-  - "action": "deny"
+  - "action": "allow"
 ```
 
 ```yaml
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-07-29 07:56:28 +0000