From 41c80627219d8c5bde17b7e6e6fd0a505c685fca Mon Sep 17 00:00:00 2001 From: Jacob Champion Date: Wed, 22 May 2024 06:51:53 -0700 Subject: [PATCH v2 1/3] docs: explain how to use ldapurl with simple bind The docs currently imply that ldapurl is for search+bind only, but that's not true. --- doc/src/sgml/client-auth.sgml | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index f1eb3b279e..51343de7ca 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1910,13 +1910,19 @@ omicron bryanh guest1 + + + + + The following option may be used as an alternative way to write some of the + above LDAP options in a more compact and standard form: + ldapurl An RFC 4516 - LDAP URL. This is an alternative way to write some of the - other LDAP options in a more compact and standard form. The format is + LDAP URL. The format is ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]] @@ -1958,7 +1964,8 @@ ldap[s]://host[:port]/ It is an error to mix configuration options for simple bind with options - for search+bind. + for search+bind. To use ldapurl in simple bind mode, the + URL must not contain a basedn or query elements. @@ -1994,6 +2001,16 @@ host ... ldap ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=exam succeeds, the database access is granted. + + Here is a different simple-bind configuration, which uses the LDAPS scheme + and a custom port number, written as a URL: + +host ... ldap ldapurl="ldaps://ldap.example.net:49151" ldapprefix="cn=" ldapsuffix=", dc=example, dc=net" + + This is slightly more compact than specifying ldapserver, + ldapscheme, and ldapport separately. + + Here is an example for a search+bind configuration: -- 2.34.1
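Review bot: In the first hunk (@@ -1910), the unchanged format line still reads ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]], which presents basedn as a required part of the URL, while the later hunks document a simple-bind form with no basedn and give ldaps://ldap.example.net:49151 as an example. Consider marking the path as optional in the format line, or adding a sentence after it that says which parts may be omitted, so the format and the new simple-bind text agree. The new introductory sentence could also say which of the "above LDAP options" the URL stands in for, since in simple bind mode it only replaces ldapserver, ldapscheme and ldapport.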
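Review bot: In the second hunk (@@ -1958), the added sentence "the URL must not contain a basedn or query elements" relies on a term, "query elements", that the format line never defines; the format names attribute, scope and filter. Suggest naming those three explicitly, and stating what happens when a URL that does contain them is combined with ldapprefix or ldapsuffix, since the preceding sentence only says that mixing the two sets of options is an error. It would also help to say whether a URL ending in a bare "/" (the ldap[s]://host[:port]/ form shown in the hunk header) counts as having no basedn.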
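Review bot: In the third hunk (@@ -1994), the new example changes the scheme and the port as well as switching to ldapurl, so it cannot be compared line for line with the preceding ldapserver=ldap.example.net example, and the claim that it is "slightly more compact than specifying ldapserver, ldapscheme, and ldapport separately" is left for the reader to work out. Suggest showing the equivalent configuration written with those three options next to the URL form, or basing the example on the previous one so that only the notation changes.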