From 0b8f1cabefe7508094780f53f53217c4a9d28284 Mon Sep 17 00:00:00 2001 From: Michael Wodniok Date: Sat, 14 Mar 2020 15:38:19 +0100 Subject: Added some descriptions for ldap-group authentication --- docker-compose.yml | 6 +++++- snap-src/bin/config | 8 ++++---- snap-src/bin/wekan-help | 2 +- torodb-postgresql/docker-compose.yml | 18 +++++++++--------- 4 files changed, 19 insertions(+), 15 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index ea5ffe99..54e50ce2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -509,18 +509,22 @@ services: # The limit number of entries (0=unlimited) #- LDAP_SEARCH_SIZE_LIMIT=0 # - # Enable group filtering + # Enable group filtering. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap. #- LDAP_GROUP_FILTER_ENABLE=false # # The object class for filtering. Example: group #- LDAP_GROUP_FILTER_OBJECTCLASS= # + # The attribute of a group identifying it. Example: cn #- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= # + # The attribute inside a group object listing its members. Example: member #- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= # + # The format of the value of LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE. Example: 'dn' if the users dn ist saved as value into the attribute. #- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= # + # The group name (id) that matches all users. #- LDAP_GROUP_FILTER_GROUP_NAME= # # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier). Example: guid diff --git a/snap-src/bin/config b/snap-src/bin/config index e7305bb2..3fc786fb 100755 --- a/snap-src/bin/config +++ b/snap-src/bin/config @@ -338,19 +338,19 @@ DESCRIPTION_LDAP_GROUP_FILTER_OBJECTCLASS="The object class for filtering" DEFAULT_LDAP_GROUP_FILTER_OBJECTCLASS="" KEY_LDAP_GROUP_FILTER_OBJECTCLASS="ldap-group-filter-objectclass" -DESCRIPTION_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE="ldap-group-filter-id-attribute. Default: ''" +DESCRIPTION_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE="The attribute of a group identifying it. Default: ''" DEFAULT_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE="" KEY_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE="ldap-group-filter-id-attribute" -DESCRIPTION_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE="ldap-group-filter-member-attibute. Default: ''" +DESCRIPTION_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE="The attribute inside a group object listing its members. Default: ''" DEFAULT_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE="" KEY_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE="ldap-group-filter-member-attribute" -DESCRIPTION_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT="ldap-group-filter-group-member-format. Default: ''" +DESCRIPTION_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT="The format of the value of ldap-group-filter-member-attribute (e.g. 'dn' if the user's dn ist saved as value into the attribute). Default: ''" DEFAULT_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT="" KEY_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT="ldap-group-filter-member-format" -DESCRIPTION_LDAP_GROUP_FILTER_GROUP_NAME="ldap-group-filter-group-name. Default: ''" +DESCRIPTION_LDAP_GROUP_FILTER_GROUP_NAME="The group name (id) that matches all users. Default: ''" DEFAULT_LDAP_GROUP_FILTER_GROUP_NAME="" KEY_LDAP_GROUP_FILTER_GROUP_NAME="ldap-group-filter-group-name" diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help index b925afeb..1d6d87a1 100755 --- a/snap-src/bin/wekan-help +++ b/snap-src/bin/wekan-help @@ -356,7 +356,7 @@ echo -e "Ldap Search Size Limit." echo -e "The limit number of entries (0=unlimited):" echo -e "\t$ snap set $SNAP_NAME ldap-search-size-limit='12345'" echo -e "\n" -echo -e "Ldap Group Filter Enable." +echo -e "Ldap Group Filter Enable. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap." echo -e "Enable group filtering:" echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-enable='true'" echo -e "\n" diff --git a/torodb-postgresql/docker-compose.yml b/torodb-postgresql/docker-compose.yml index 7dbc2049..d741d1a1 100644 --- a/torodb-postgresql/docker-compose.yml +++ b/torodb-postgresql/docker-compose.yml @@ -446,7 +446,7 @@ services: # example : LDAP_SEARCH_SIZE_LIMIT=12345 #- LDAP_SEARCH_SIZE_LIMIT=0 # - # LDAP_GROUP_FILTER_ENABLE : Enable group filtering + # LDAP_GROUP_FILTER_ENABLE : Enable group filtering. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap # example : LDAP_GROUP_FILTER_ENABLE=true #- LDAP_GROUP_FILTER_ENABLE=false # @@ -454,20 +454,20 @@ services: # example : LDAP_GROUP_FILTER_OBJECTCLASS=group #- LDAP_GROUP_FILTER_OBJECTCLASS= # - # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : - # example : + # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : The attribute of a group identifying it + # example : LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=cn #- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= # - # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : - # example : + # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : The attribute inside a group object listing its members + # example : member #- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= # - # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : - # example : + # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : The format of the value of LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE + # example : dn #- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= # - # LDAP_GROUP_FILTER_GROUP_NAME : - # example : + # LDAP_GROUP_FILTER_GROUP_NAME : The group name (id) that matches all users + # example : wekan_users #- LDAP_GROUP_FILTER_GROUP_NAME= # # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) -- cgit v1.2.3-1-g7c22