From 4db1fc14f33af6a880a3ee0b7ad7d8cf00ad995c Mon Sep 17 00:00:00 2001 From: Jacob Champion Date: Wed, 22 May 2024 06:51:53 -0700 Subject: [PATCH 1/2] docs: explain how to use ldapurl with simple bind The docs currently imply that ldapurl is for search+bind only, but that's not true. --- doc/src/sgml/client-auth.sgml | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index cf5eb22fc8..3abbdd6791 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1911,13 +1911,19 @@ omicron bryanh guest1 + + + + + The following option may be used as an alternative way to write some of the + above LDAP options in a more compact and standard form: + ldapurl An RFC 4516 - LDAP URL. This is an alternative way to write some of the - other LDAP options in a more compact and standard form. The format is + LDAP URL. The format is ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]] @@ -1959,7 +1965,8 @@ ldap[s]://host[:port]/ It is an error to mix configuration options for simple bind with options - for search+bind. + for search+bind. To use ldapurl in simple bind mode, the + URL must not contain a basedn or query elements. @@ -1995,6 +2002,16 @@ host ... ldap ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=exam succeeds, the database access is granted. + + Here is a different simple-bind configuration, which uses the LDAPS scheme + and a custom port number, written as a URL: + +host ... ldap ldapurl="ldaps://ldap.example.net:49151" ldapprefix="cn=" ldapsuffix=", dc=example, dc=net" + + This is slightly more compact than specifying ldapserver, + ldapscheme, and ldapport separately. + + Here is an example for a search+bind configuration: -- 2.34.1
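Review bot: In the first hunk (@@ -1911), the format synopsis kept in the ldapurl entry still shows basedn as a required path component, "ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]", which conflicts with the simple bind usage this patch documents, where the URL has no basedn. Consider marking basedn as optional in the synopsis, or adding a sentence directly after it saying that the path and query parts are omitted for simple bind. The new introductory paragraph could also name which of "the above LDAP options" the URL replaces instead of saying "some of".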
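Review bot: In the second hunk (@@ -1959), the added sentence "the URL must not contain a basedn or query elements" mixes a singular and a plural after one article and leaves open whether a bare trailing slash after host[:port] is acceptable. Suggest "the URL must not contain a basedn or any query elements", and state explicitly whether an empty path is allowed, since the hunk's context line shows the form "ldap[s]://host[:port]/" while the example added later in the patch has no trailing slash. Because mixing simple bind and search+bind options is described here as an error, it is worth spelling out exactly which URL shapes trigger it.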
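Review bot: In the third hunk (@@ -1995), the new example claims the URL is "slightly more compact than specifying ldapserver, ldapscheme, and ldapport separately" but never shows that equivalent, so a reader cannot check which part of the URL maps to which option. Consider placing the long-form host line next to the ldapurl one. Since this is the only example on the page that uses the ldaps scheme, a short clause on what the scheme means for the connection would help administrators who copy the line as-is.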