Skip to content
logo
Percona Server for MySQL
LDAP authentication plugin system variables
Initializing search
    percona/psmysql-docs
    percona/psmysql-docs
    • Home
      • Release notes index
      • Percona Server for MySQL 8.0.32-24 (2023-03-20)
      • Percona Server for MySQL 8.0.31-23 (2023-02-09)
        • Percona Server for MySQL 8.0.30-22 Update (2022-11-21)
        • Percona Server for MySQL 8.0.30-22 (2022-11-21)
        • Percona Server for MySQL 8.0.29-21 (2022-08-08)
        • Percona Server for MySQL 8.0.28-20 (2022-06-20)
        • Percona Server for MySQL 8.0.28-19 (2022-05-12)
        • Percona Server for MySQL 8.0.27-18 (2022-03-02)
        • Percona Server for MySQL 8.0.26-17 (2022-01-26)
        • Percona Server for MySQL 8.0.26-16 (2021-10-20)
        • Percona Server for MySQL 8.0.25-15 (2021-07-13)
        • Percona Server for MySQL 8.0.23-14 (2021-05-12)
        • Percona Server for MySQL 8.0.22-13 (2020-12-14)
        • Percona Server for MySQL 8.0.21-12 (2020-10-13)
        • Percona Server for MySQL 8.0.20-11 (2020-07-21)
        • Percona Server for MySQL 8.0.19-10 (2020-03-23)
        • Percona Server for MySQL 8.0.18-9
        • Percona Server for MySQL 8.0.17-8
        • Percona Server for MySQL 8.0.16-7
        • Percona Server for MySQL 8.0.15-6
        • Percona Server for MySQL 8.0.15-5
        • Percona Server for MySQL 8.0.14
        • Percona Server for MySQL 8.0.13-4
        • Percona Server for MySQL 8.0.13-3
        • Percona Server for MySQL 8.0.12-2rc1
      • Limiting the disk space used by binary log files
      • Extended mysqlbinlog
      • Slow query log rotation and expiration
      • Extended SELECT INTO OUTFILE/DUMPFILE
      • Support for PROXY protocol
      • SEQUENCE_TABLE(n) function
      • Trigger updates
      • Expanded fast index creation
      • Kill idle transactions
      • Percona Toolkit UDFs
      • Utility user
      • The ProcFS plugin
      • Adaptive network buffers
      • Thread pool
      • Quickstart overview
      • Install Percona Server for MySQL from repositories
        • Use APT repositories
        • Files in DEB package
        • Build APT packages
        • Downloaded DEB packages
        • Apt pinning
        • Run Percona Server for MySQL
        • Uninstall
        • Use RPM repositories
        • Files in RPM package
        • Downloaded RPM packages
        • Run Percona Server for MySQL
        • Uninstall
        • Install with binary tarballs
        • Binary tarballs available
        • Install Percona Server for MySQL from a source tarball
        • Compile Percona Server for MySQL 8.0 from source
        • Install using Docker
        • Docker environment variables
      • Upgrade guide
      • Upgrade using the Percona repositories
      • Upgrade from systems that use the MyRocks or TokuDB storage engine and partitioned tables
      • Upgrade using Standalone Packages
      • Downgrade
      • Binary logs and replication improvements
      • Post-installation
      • Working with AppArmor
      • Working with SELinux
      • Extended SHOW GRANTS
        • Backup locks
        • Extended mysqldump
        • Start transaction with consistent snapshot
        • Using LDAP authentication plugins
        • LDAP authentication plugin system variables
          • Authentication system variables
            • authentication_ldap_sasl_bind_base_dn
            • authentication_ldap_sasl_bind_root_dn
            • authentication_ldap_sasl_bind_root_pwd
            • authentication_ldap_sasl_ca_path
            • authentication_ldap_sasl_fallback_server_host
            • authentication_ldap_sasl_fallback_server_port
            • authentication_ldap_sasl_group_role_mapping
            • authentication_ldap_sasl_group_search_attr
            • authentication_ldap_sasl_group_search_filter
            • authentication_ldap_sasl_init_pool_size
            • authentication_ldap_sasl_log_status
            • authentication_ldap_sasl_max_pool_size
            • authentication_ldap_sasl_server_host
            • authentication_ldap_sasl_server_port
            • authentication_ldap_sasl_ssl
            • authentication_ldap_sasl_tls
            • authentication_ldap_sasl_user_search_attr
            • authentication_ldap_simple_bind_base_dn
            • authentication_ldap_simple_bind_root_dn
            • authentication_ldap_simple_bind_root_pwd
            • authentication_ldap_simple_ca_path
            • authentication_ldap_simple_fallback_server_host
            • authentication_ldap_simple_fallback_server_port
            • authentication_ldap_simple_group_role_mapping
            • authentication_ldap_simple_group_search_attr
            • authentication_ldap_simple_group_search_filter
            • authentication_ldap_simple_init_pool_size
            • authentication_ldap_simple_log_status
            • authentication_ldap_simple_max_pool_size
            • authentication_ldap_simple_server_host
            • authentication_ldap_simple_server_port
            • authentication_ldap_simple_ssl
            • authentication_ldap_simple_tls
            • authentication_ldap_simple_user_search_attr
      • Data masking
      • PAM authentication plugin
      • SSL improvements
      • Server variables
      • FIDO authentication plugin
      • Encryption functions
        • Data at Rest Encryption
        • Use the keyring component or keyring plugin
          • Using the Key Management Interoperability Protocol (KMIP)
          • Use the Amazon Key Management Service (AWS KMS)
          • Encrypt File-Per-Table Tablespace
          • Encrypt schema or general tablespace
          • Encrypt system tablespace
          • Encrypt temporary files
          • Encrypt Binary Log Files and Relay Log Files
          • Encrypting the Redo Log data
          • Encrypt the undo tablespace
          • Rotate the master key
          • Advanced encryption key rotation
          • Encrypt doublewrite buffers
          • Verify the encryption for tables, tablespaces, and schemas
      • Manage group replication flow control
      • Group replication system variables
      • Audit log plugin
      • Jemalloc memory allocation profiling
      • User statistics
      • Slow query log
      • Process list
      • Misc. INFORMATION_SCHEMA tables
      • Use Percona Monitoring and Management (PMM) Advisors
      • Too many connections warning
      • Handle corrupted tables
      • Thread based profiling
      • Stacktrace
      • Libcoredumper
        • The Percona XtraDB storage engine
        • Improved MEMORY storage engine
        • Improved InnoDB I/O scalability
        • Enforcing storage engine
        • Extended show engine InnoDB status
        • Show storage engines
        • Compressed columns with dictionaries
        • InnoDB full-text search improvements
        • XtraDB changed page tracking
        • XtraDB performance improvements for I/O-bound highly-concurrent workloads
        • Multiple page asynchronous I/O requests
        • Prefix index queries optimization
        • Limit the estimation of records in a Query
        • InnoDB page fragmentation counters
        • Percona MyRocks introduction
        • Percona MyRocks installation guide
        • Updated supported features
        • MyRocks limitations
        • Differences between Percona MyRocks and Facebook MyRocks
        • MyRocks Information Schema tables
        • MyRocks server variables
        • MyRocks status variables
        • Gap locks detection
        • Data loading
        • Installing and configuring Percona Server for MySQL with ZenFS support
        • TokuDB introduction
        • TokuDB installation
        • Use TokuDB
        • Fast updates with TokuDB
        • TokuDB files and file types
        • TokuDB file management
        • TokuDB background ANALYZE TABLE
        • TokuDB variables
        • TokuDB status variables
        • TokuDB fractal tree indexing
        • TokuDB troubleshooting
        • TokuDB Performance Schema integration
        • Frequently asked questions
        • Migrate and removing the TokuDB storage engine
        • Percona TokuBackup
      • List of variables introduced in Percona Server for MySQL 8.0
      • List of features available in Percona Server for MySQL releases
      • Percona Server for MySQL feature comparison
      • Understand version numbers
      • Development of Percona Server for MySQL
      • Trademark policy
      • Index of INFORMATION_SCHEMA tables
      • Frequently asked questions
      • Copyright and licensing information
      • Glossary

    • Authentication system variables
      • authentication_ldap_sasl_bind_base_dn
      • authentication_ldap_sasl_bind_root_dn
      • authentication_ldap_sasl_bind_root_pwd
      • authentication_ldap_sasl_ca_path
      • authentication_ldap_sasl_fallback_server_host
      • authentication_ldap_sasl_fallback_server_port
      • authentication_ldap_sasl_group_role_mapping
      • authentication_ldap_sasl_group_search_attr
      • authentication_ldap_sasl_group_search_filter
      • authentication_ldap_sasl_init_pool_size
      • authentication_ldap_sasl_log_status
      • authentication_ldap_sasl_max_pool_size
      • authentication_ldap_sasl_server_host
      • authentication_ldap_sasl_server_port
      • authentication_ldap_sasl_ssl
      • authentication_ldap_sasl_tls
      • authentication_ldap_sasl_user_search_attr
      • authentication_ldap_simple_bind_base_dn
      • authentication_ldap_simple_bind_root_dn
      • authentication_ldap_simple_bind_root_pwd
      • authentication_ldap_simple_ca_path
      • authentication_ldap_simple_fallback_server_host
      • authentication_ldap_simple_fallback_server_port
      • authentication_ldap_simple_group_role_mapping
      • authentication_ldap_simple_group_search_attr
      • authentication_ldap_simple_group_search_filter
      • authentication_ldap_simple_init_pool_size
      • authentication_ldap_simple_log_status
      • authentication_ldap_simple_max_pool_size
      • authentication_ldap_simple_server_host
      • authentication_ldap_simple_server_port
      • authentication_ldap_simple_ssl
      • authentication_ldap_simple_tls
      • authentication_ldap_simple_user_search_attr

    LDAP authentication plugin system variables¶

    Authentication system variables¶

    Percona 8.0.30-22 adds LDAP_SASL variables and the fallback server variables for simple LDAP and SASL-based LDAP.

    Important

    These variables are tech preview. Before using these variables in production, we recommend that you test restoring production from physical backups in your environment, and also use the alternative backup method for redundancy.

    The installation adds the following variables:

    Variable name Description
    authentication_ldap_sasl_bind_base_dn Base distinguished name
    authentication_ldap_sasl_bind_root_dn Root distinguished name
    authentication_ldap_sasl_bind_root_dn_pwd Password for the root distinguished name
    authentication_ldap_sasl_ca_path Absolute path of the certificate authority
    authentication_ldap_sasl_fallback_server_host If the primary server is unavailable, the authentication plugin attempts to connect to the fallback server
    authentication_ldap_sasl_fallback_server_port The port number for the fallback server
    authentication_ldap_sasl_group_role_mapping A list of LDAP group names - MySQL role pairs
    authentication_ldap_sasl_group_search_attr Name of the attribute that specifies the group names in the LDAP directory entries
    authentication_ldap_sasl_group_search_filter Custom group search filter
    authentication_ldap_sasl_init_pool_size Initial size of the connection pool to the LDAP server
    authentication_ldap_sasl_log_status logging level
    authentication_ldap_sasl_max_pool_size Maximum size of the pool of connections to the LDAP server
    authentication_ldap_sasl_server_host LDAP server host
    authentication_ldap_sasl_server_port LDAP server TCP/IP port number
    authentication_ldap_sasl_ssl If plugin connections to the LDAP server use the SSL protocol (ldaps://)
    authentication_ldap_sasl_tls If plugin connections to the LDAP server are secured with STARTTLS (ldap://)
    authentication_ldap_sasl_user_search_attr Name of the attribute that specifies user names in the LDAP directory entries
    authentication_ldap_simple_bind_base_dn Base distinguished name
    authentication_ldap_simple_bind_root_dn Root distinguished name
    authentication_ldap_simple_bind_root_dn_pwd Password for the root distinguished name
    authentication_ldap_simple_ca_path Absolute path of the certificate authority
    authentication_ldap_simple_fallback_server_host If the primary server is unavailable, the authentication plugin attempts to connect to the fallback server
    authentication_ldap_simple_fallback_server_port The port number for the fallback server
    authentication_ldap_simple_group_role_mapping A list of LDAP group names - MySQL role pairs
    authentication_ldap_simple_group_search_attr Name of the attribute that specifies the group names in the LDAP directory entries
    authentication_ldap_simple_group_search_filter Custom group search filter
    authentication_ldap_simple_init_pool_size Initial size of the connection pool to the LDAP server
    authentication_ldap_simple_log_status logging level
    authentication_ldap_simple_max_pool_size Maximum size of the pool of connections to the LDAP server
    authentication_ldap_simple_server_host LDAP server host
    authentication_ldap_simple_server_port LDAP server TCP/IP port number
    authentication_ldap_simple_ssl If plugin connections to the LDAP server use the SSL protocol (ldaps://)
    authentication_ldap_simple_tls If plugin connections to the LDAP server are secured with STARTTLS (ldap://)
    authentication_ldap_simple_user_search_attr Name of the attribute that specifies user names in the LDAP directory entries

    The following variables are described in detail:

    authentication_ldap_sasl_bind_base_dn¶

    Option Description
    Command-line –authentication-ldap-sasl-bind-base-dn=value
    Scope Global
    Dynamic Yes
    Data type String
    Default NULL

    The base distinguished name (DN) for SASL-based LDAP authentication. You can limit the search scope by using the variable as the base of the search.

    authentication_ldap_sasl_bind_root_dn¶

    Option Description
    Command-line –authentication-ldap-sasl-bind-root-dn=value
    Scope Global
    Dynamic Yes
    Data type String
    Default NULL

    The root distiguished name (DN) used to authenticate SASL-based LDAP. When performing a search, this variable is used with authentication_ldap_sasl_bind_root_pwd as the authenticating credentials to the LDAP server.

    authentication_ldap_sasl_bind_root_pwd¶

    Option Description
    Command-line –authentication-ldap-sasl-bind-root-pwd=value
    Scope Global
    Dynamic Yes
    Data type String
    Default NULL

    The root password used to authenticate against SASL-based LDAP server. This variable is used with authentication_ldap_sasl_bind_root_dn.

    authentication_ldap_sasl_ca_path¶

    Option Description
    Command-line –authentication-ldap-sasl-ca_path=value
    Scope Global
    Dynamic Yes
    Data type String
    Default NULL

    The certificate authority’s absolute path used to verify the LDAP certificate.

    authentication_ldap_sasl_fallback_server_host¶

    Option Description
    Command-line –authentication-ldap-sasl-fallback-server-host
    Scope Global
    Dynamic Yes
    Type Sting
    Default NULL

    Use with authentication_ldap_sasl_fallback_server_port.

    If the primary server is unavailable, the authentication plugin attempts to connect to the fallback server and authenticate using that server.

    authentication_ldap_sasl_fallback_server_port¶

    Option Description
    Command-line –authentication-ldap-sasl-fallback-server-port
    Scope Global
    Dynamic Yes
    Type Integer
    Default NULL

    Use with authentication_ldap_sasl_fallback_server_host.

    If the primary server is unavailable, the authentication plugin attempts to connect to the fallback server and authenticate using that server.

    If the fallback server host has a value, and the fallback port is 0, users can specify multiple fallback servers.

    Use this format to specify multiple fallback servers: authentication_ldap_sasl_fallback_server_host="ldap(s)://host:port,ldap(s)://host2:port2, for example.

    authentication_ldap_sasl_group_role_mapping¶

    Option Description
    Command-line –authentication-ldap-sasl-group-role-mapping=value
    Scope Global
    Dynamic Yes
    Data type String
    Default Null

    When an LDAP user logs in, the server checks if the LDAP user is a member of the specified group. If the user is, then the server automatically grants the database server roles to the user.

    The variable has this format: <ldap_group>=<mysql_role>,<ldap_group2>=<mysql_role2>,.

    authentication_ldap_sasl_group_search_attr¶

    Option Description
    Command-line –authentication-ldap-sasl-group-search-attr=value
    Scope Global
    Dynamic Yes
    Data type String
    Default cn

    The attribute name that specifies group names in the LDAP directory entries for SASL-based LDAP authentication.

    authentication_ldap_sasl_group_search_filter¶

    Option Description
    Command-line –authentication-ldap-sasl-group-search-filter=value
    Scope Global
    Dynamic Yes
    Data type String
    Default (|(&(objectClass=posixGroup)(memberUid=%s))(&(objectClass=group)(member=%s)))

    The custom group search filter for SASL-based LDAP authentication.

    authentication_ldap_sasl_init_pool_size¶

    Option Description
    Command-line –authentication-ldap-sasl-init-pool-size=value
    Scope Global
    Dynamic Yes
    Data type Integer
    Default 10
    Minimum value 0
    Maximum value 32767
    Unit connections

    The initial size of the connection pool to the LDAP server for SASL-based LDAP authentication.

    authentication_ldap_sasl_log_status¶

    Option Description
    Command-line –authentication-ldap-sasl-log-status=value
    Scope Global
    Dynamic Yes
    Data type Integer
    Default 1
    Minimum value 1
    Maximum value 6

    The logging level for messages written to the error log for SASL-based LDAP authentication.

    authentication_ldap_sasl_max_pool_size¶

    Option Description
    Command-line –authentication-ldap-sasl-max-pool-size=value
    Scope Global
    Dynamic Yes
    Data type Integer
    Default 1000
    Minimum value 0
    Maximum value 32767
    Unit connections

    The maximum connection pool size to the LDAP server in SASL-based LDAP authentication. The variable is used with authentication_ldap_sasl_init_pool_size.

    authentication_ldap_sasl_server_host¶

    Option Description
    Command-line –authentication-ldap-sasl-server-host=value
    Scope Global
    Dynamic Yes
    Data type String
    Default NULL

    The LDAP server host used for SASL-based LDAP authentication. The LDAP server host can be an IP address or a host name.

    authentication_ldap_sasl_server_port¶

    Option Description
    Command-line –authentication-ldap-sasl-server-port=value
    Scope Global
    Dynamic Yes
    Data type Integer
    Default 389
    Minimum value 1
    Maximum value 32376

    The LDAP server TCP/IP port number used for SASL-based LDAP authentication.

    authentication_ldap_sasl_ssl¶

    Option Description
    Command-line –authentication-ldap-sasl-ssl=value
    Scope Global
    Dynamic Yes
    Data type Boolean
    Default OFF

    If this variable is enabled, the plugin connects to the server with SSL.

    authentication_ldap_sasl_tls¶

    Option Description
    Command-line –authentication-ldap-sasl-tls=value
    Scope Global
    Dynamic Yes
    Data type Boolean
    Default OFF

    If this variable is enabled, the plugin connects to the server with TLS.

    authentication_ldap_sasl_user_search_attr¶

    Option Description
    Command-line –authentication-ldap-sasl-user-search-attr=value
    Scope Global
    Dynamic Yes
    Data type String
    Default uid

    The attribute name that specifies the user names in LDAP directory entries in SASL-based LDAP authentication.

    authentication_ldap_simple_bind_base_dn¶

    Option Description
    Command-line –authentication-ldap-simple-bind-base-dn=value
    Scope Global
    Dynamic Yes
    Data type String
    Default NULL

    The base distinguished name (DN) for simple LDAP authentication. You can limit the search scope by using the variable as the base of the search.

    authentication_ldap_simple_bind_root_dn¶

    Option Description
    Command-line –authentication-ldap-simple-bind-root-dn=value
    Scope Global
    Dynamic Yes
    Data type String
    Default NULL

    The root distinguished name (DN) used to authenticate simple LDAP. When performing a search, this variable is used with authentication_ldap_simple_bind_root_pwd as the authenticating credentials to the LDAP server.

    authentication_ldap_simple_bind_root_pwd¶

    Option Description
    Command-line –authentication-ldap-simple-bind-root-pwd=value
    Scope Global
    Dynamic Yes
    Data type String
    Default NULL

    The root password used to authenticate against simple LDAP server. This variable is used with authentication_ldap_simple_bind_root_dn.

    authentication_ldap_simple_ca_path¶

    Option Description
    Command-line –authentication-ldap-simple-ca_path=value
    Scope Global
    Dynamic Yes
    Data type String
    Default NULL

    The certificate authority’s absolute path used to verify the LDAP certificate.

    authentication_ldap_simple_fallback_server_host¶

    Option Description
    Command-line –authentication-ldap-simple-fallback-server-host
    Scope Global
    Dynamic Yes
    Type Sting
    Default NULL

    Use with authentication_ldap_simple_fallback_server_port.

    If the primary server is unavailable, the authentication plugin attempts to connect to the fallback server and authenticate using that server.

    authentication_ldap_simple_fallback_server_port¶

    Option Description
    Command-line –authentication-ldap-simple-fallback-server-port
    Scope Global
    Dynamic Yes
    Type Integer
    Default NULL

    Use with authentication_ldap_simple_fallback_server_host.

    If the primary server is unavailable, the authentication plugin attempts to connect to the fallback server and authenticate using that server.

    If the fallback server host has a value, and the fallback port is 0, users can specify multiple fallback servers.

    Use this format to specify multiple fallback servers: authentication_ldap_simple_fallback_server_host="ldap(s)://host:port,ldap(s)://host2:port2, for example.

    authentication_ldap_simple_group_role_mapping¶

    Option Description
    Command-line –authentication-ldap-simple-group-role-mapping=value
    Scope Global
    Dynamic Yes
    Data type String
    Default Null

    When an LDAP user logs in, the server checks if the LDAP user is a member of the specified group. If the user is, then the server automatically grants the database server roles to the user.

    The variable has this format: <ldap_group>=<mysql_role>,<ldap_group2>=<mysql_role2>,.

    authentication_ldap_simple_group_search_attr¶

    Option Description
    Command-line –authentication-ldap-simple-group-search-attr=value
    Scope Global
    Dynamic Yes
    Data type String
    Default cn

    The attribute name that specifies group names in the LDAP directory entries for simple LDAP authentication.

    authentication_ldap_simple_group_search_filter¶

    Option Description
    Command-line –authentication-ldap-simple-group-search-filter=value
    Scope Global
    Dynamic Yes
    Data type String
    Default (|(&(objectClass=posixGroup)(memberUid=%s))(&(objectClass=group)(member=%s)))

    The custom group search filter for simple LDAP authentication.

    authentication_ldap_simple_init_pool_size¶

    Option Description
    Command-line –authentication-ldap-simple-init-pool-size=value
    Scope Global
    Dynamic Yes
    Data type Integer
    Default 10
    Minimum value 0
    Maximum value 32767
    Unit connections

    The initial size of the connection pool to the LDAP server for simple LDAP authentication.

    authentication_ldap_simple_log_status¶

    Option Description
    Command-line –authentication-ldap-simple-log-status=value
    Scope Global
    Dynamic Yes
    Data type Integer
    Default 1
    Minimum value 1
    Maximum value 6

    The logging level for messages written to the error log for simple LDAP authentication.

    authentication_ldap_simple_max_pool_size¶

    Option Description
    Command-line –authentication-ldap-simple-max-pool-size=value
    Scope Global
    Dynamic Yes
    Data type Integer
    Default 1000
    Minimum value 0
    Maximum value 32767
    Unit connections

    The maximum connection pool size to the LDAP server in simple LDAP authentication. The variable is used with authentication_ldap_simple_init_pool_size.

    authentication_ldap_simple_server_host¶

    Option Description
    Command-line –authentication-ldap-simple-server-host=value
    Scope Global
    Dynamic Yes
    Data type String
    Default NULL

    The LDAP server host used for simple LDAP authentication. The LDAP server host can be an IP address or a host name.

    authentication_ldap_simple_server_port¶

    Option Description
    Command-line –authentication-ldap-simple-server-port=value
    Scope Global
    Dynamic Yes
    Data type Integer
    Default 389
    Minimum value 1
    Maximum value 32376

    The LDAP server TCP/IP port number used for simple LDAP authentication.

    authentication_ldap_simple_ssl¶

    Option Description
    Command-line –authentication-ldap-simple-ssl=value
    Scope Global
    Dynamic Yes
    Data type Boolean
    Default OFF

    If this variable is enabled, the plugin connects to the server with SSL.

    authentication_ldap_simple_tls¶

    Option Description
    Command-line –authentication-ldap-simple-tls=value
    Scope Global
    Dynamic Yes
    Data type Boolean
    Default OFF

    If this variable is enabled, the plugin connects to the server with TLS.

    authentication_ldap_simple_user_search_attr¶

    Option Description
    Command-line –authentication-ldap-simple-user-search-attr=value
    Scope Global
    Dynamic Yes
    Data type String
    Default uid

    The attribute name that specifies the user names in LDAP directory entries in simple LDAP authentication.

    Contact us

    For free technical help, visit the Percona Community Forum.

    To report bugs or submit feature requests, open a JIRA ticket.

    For paid support and managed or consulting services , contact Percona Sales.


    Last update: 2023-01-12
    Percona LLC and/or its affiliates, © 2023
    Made with Material for MkDocs

    Cookie consent

    We use cookies to recognize your repeated visits and preferences, as well as to measure the effectiveness of our documentation and whether users find what they're searching for. With your consent, you're helping us to make our documentation better.