Merge pull request #989 from rithujohn191/ldap-docs

Documentation: add a group query example for the ldap connector.
2017-07-17 11:27:55 -07:00 · 2017-07-17 11:27:55 -07:00 · b70f4c4f39
commit b70f4c4f39
parent 377d9b44b7 6f9127b4ae
1 changed files with 26 additions and 0 deletions
--- a/Documentation/ldap-connector.md
+++ b/Documentation/ldap-connector.md
@ -191,6 +191,32 @@ groupSearch:
  # Unique name of the group.
  nameAttr: cn
 ```
+To extract group specific information the `DN` can be used in the `userAttr` field.
+
+```
+# Top level object example.coma in LDIF file.
+dn: dc=example,dc=com
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+dc: example
+```
+
+The following is an example of a group query would match any entry with member=<user DN>:
+
+```yaml
+groupSearch:
+  # BaseDN to start the search from. It will translate to the query
+  # "(&(objectClass=group)(member=<user DN>))".
+  baseDN: cn=groups,cn=compat,dc=example,dc=com
+  # Optional filter to apply when searching the directory.
+  filter: "(objectClass=group)"
+
+  userAttr: DN # Use "DN" here not "uid"
+  groupAttr: member
+
+  nameAttr: name
+```

 ## Example: Searching a FreeIPA server with groups