From 24d415280a71c7524a65fcd60cbf9123283b4e85 Mon Sep 17 00:00:00 2001
From: kakwa
Date: Mon, 15 Jun 2015 07:27:32 +0200
Subject: [PATCH] adding parameters for group attributes + comments
---
 conf/ldapcherry.ini | 39 ++++++++++++++++++++++++++++++---------
 1 file changed, 30 insertions(+), 9 deletions(-)
diff --git a/conf/ldapcherry.ini b/conf/ldapcherry.ini
index 57d2b34..d64a1dd 100644
--- a/conf/ldapcherry.ini
+++ b/conf/ldapcherry.ini
@@ -66,22 +66,43 @@ roles.file = '/etc/ldapcherry/roles.yml'
 [backends]
+# name of the module
 ldap.module = 'ldapcherry.backend.backendLdap'
-ldap.groupdn = 'ou=groups,dc=example,dc=org'
-ldap.userdn = 'ou=people,dc=example,dc=org'
-ldap.binddn = 'cn=ldapcherry,dc=example,dc=org'
-ldap.password = 'password'
+
+# uri of the ldap directory
 ldap.uri = 'ldaps://ldap.ldapcherry.org'
+# ca to use for ssl/tls connexion
 ldap.ca = '/etc/dnscherry/TEST-cacert.pem'
+# use start tls
 ldap.starttls = 'off'
+# check server certificate (for tls)
 ldap.checkcert = 'off'
-ldap.user_filter_tmpl = '(uid=%(username)s)'
-ldap.group_filter_tmpl = '(member=%(username)s)'
-ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
-ldap.objectclasses = 'top, person, organizationalPerson, user'
-ldap.dn_user_attr = 'uid'
+# bind dn to the ldap
+ldap.binddn = 'cn=ldapcherry,dc=example,dc=org'
+# password of the bind dn
+ldap.password = 'password'
+# timeout of ldap connexion (in second)
 ldap.timeout = 1
+# groups dn
+ldap.groupdn = 'ou=groups,dc=example,dc=org'
+# users dn
+ldap.userdn = 'ou=people,dc=example,dc=org'
+# ldapsearch filter to get a user
+ldap.user_filter_tmpl = '(uid=%(username)s)'
+# ldapsearch filter to get groups of a user
+ldap.group_filter_tmpl = '(member=%(username)s)'
+# filter to search users
+ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
+
+# ldap group attributes and how to fill them
+ldap.group_attr.uniqMember = "%(dn)s"
+ldap.group_attr.memberUid = "%(uid)s"
+# object classes of a user entry
+ldap.objectclasses = 'top, person, organizationalPerson, user'
+# dn entry attribute for an ldap user
+ldap.dn_user_attr = 'uid'
+
 ad.module = 'ldapcherry.backend.backendSamba4'
 ad.auth = 'Administrator'
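Review bot: The new comment `# check server certificate (for tls)` sits above `ldap.checkcert = 'off'` without saying what that sample default means: with the `ldaps://` URI and verification off, the bind DN password is presumably sent to a server whose certificate is never validated against `ldap.ca`. I would spell that out, e.g. `# check server certificate (for tls); 'off' skips validation, keep 'on' outside test setups`, and add to the `# password of the bind dn` comment that the file should be readable only by the service account. Separately, the added `ldap.group_attr.uniqMember` matches neither the standard `uniqueMember` attribute nor the `member` attribute that `ldap.group_filter_tmpl` searches on, so group writes and group lookups may disagree; this is worth confirming against the backend code, which is not visible in this hunk.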