Added some descriptions for ldap-group authentication

2025-04-23 13:37:09 -04:00 · 2020-03-14 15:38:19 +01:00 · 2020-03-14 15:38:19 +01:00 · 0b8f1cabef
commit 0b8f1cabef
parent e80d3ac79a
4 changed files with 19 additions and 15 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -509,18 +509,22 @@ services:
      # The limit number of entries (0=unlimited)
      #- LDAP_SEARCH_SIZE_LIMIT=0
      #
-      # Enable group filtering
+      # Enable group filtering. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap.
      #- LDAP_GROUP_FILTER_ENABLE=false
      #
      # The object class for filtering. Example: group
      #- LDAP_GROUP_FILTER_OBJECTCLASS=
      #
+      # The attribute of a group identifying it. Example: cn
      #- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
      #
+      # The attribute inside a group object listing its members. Example: member
      #- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
      #
+      # The format of the value of LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE. Example: 'dn' if the users dn ist saved as value into the attribute.
      #- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
      #
+      # The group name (id) that matches all users.
      #- LDAP_GROUP_FILTER_GROUP_NAME=
      #
      # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier). Example: guid
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
@ -338,19 +338,19 @@ DESCRIPTION_LDAP_GROUP_FILTER_OBJECTCLASS="The object class for filtering"
 DEFAULT_LDAP_GROUP_FILTER_OBJECTCLASS=""
 KEY_LDAP_GROUP_FILTER_OBJECTCLASS="ldap-group-filter-objectclass"

-DESCRIPTION_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE="ldap-group-filter-id-attribute. Default: ''"
+DESCRIPTION_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE="The attribute of a group identifying it. Default: ''"
 DEFAULT_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=""
 KEY_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE="ldap-group-filter-id-attribute"

-DESCRIPTION_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE="ldap-group-filter-member-attibute. Default: ''"
+DESCRIPTION_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE="The attribute inside a group object listing its members. Default: ''"
 DEFAULT_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=""
 KEY_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE="ldap-group-filter-member-attribute"

-DESCRIPTION_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT="ldap-group-filter-group-member-format. Default: ''"
+DESCRIPTION_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT="The format of the value of ldap-group-filter-member-attribute (e.g. 'dn' if the user's dn ist saved as value into the attribute).  Default: ''"
 DEFAULT_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=""
 KEY_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT="ldap-group-filter-member-format"

-DESCRIPTION_LDAP_GROUP_FILTER_GROUP_NAME="ldap-group-filter-group-name. Default: ''"
+DESCRIPTION_LDAP_GROUP_FILTER_GROUP_NAME="The group name (id) that matches all users. Default: ''"
 DEFAULT_LDAP_GROUP_FILTER_GROUP_NAME=""
 KEY_LDAP_GROUP_FILTER_GROUP_NAME="ldap-group-filter-group-name"

--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
@ -356,7 +356,7 @@ echo -e "Ldap Search Size Limit."
 echo -e "The limit number of entries (0=unlimited):"
 echo -e "\t$ snap set $SNAP_NAME ldap-search-size-limit='12345'"
 echo -e "\n"
-echo -e "Ldap Group Filter Enable."
+echo -e "Ldap Group Filter Enable. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap."
 echo -e "Enable group filtering:"
 echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-enable='true'"
 echo -e "\n"
--- a/torodb-postgresql/docker-compose.yml
+++ b/torodb-postgresql/docker-compose.yml
@ -446,7 +446,7 @@ services:
      # example : LDAP_SEARCH_SIZE_LIMIT=12345
      #- LDAP_SEARCH_SIZE_LIMIT=0
      #
-      # LDAP_GROUP_FILTER_ENABLE : Enable group filtering
+      # LDAP_GROUP_FILTER_ENABLE : Enable group filtering. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap
      # example : LDAP_GROUP_FILTER_ENABLE=true
      #- LDAP_GROUP_FILTER_ENABLE=false
      #
@ -454,20 +454,20 @@ services:
      # example : LDAP_GROUP_FILTER_OBJECTCLASS=group
      #- LDAP_GROUP_FILTER_OBJECTCLASS=
      #
-      # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE :
-      # example :
+      # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : The attribute of a group identifying it
+      # example : LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=cn
      #- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
      #
-      # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE :
-      # example :
+      # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : The attribute inside a group object listing its members
+      # example : member
      #- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
      #
-      # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT :
-      # example :
+      # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : The format of the value of LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE
+      # example : dn
      #- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
      #
-      # LDAP_GROUP_FILTER_GROUP_NAME :
-      # example :
+      # LDAP_GROUP_FILTER_GROUP_NAME : The group name (id) that matches all users
+      # example : wekan_users
      #- LDAP_GROUP_FILTER_GROUP_NAME=
      #
      # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)