Documenting the new feature in AttributeAddFromLDAP.

git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@3373 44740490-163a-0410-bde0-09ae8108e29a
2014-02-21 10:30:00 +00:00 · 2014-02-21 10:30:00 +00:00 · 85512e67a1
parent a41757c47e
commit 85512e67a1
1 changed files with 16 additions and 39 deletions
--- a/modules/ldap/docs/ldap.txt
+++ b/modules/ldap/docs/ldap.txt
@ -239,26 +239,15 @@ specific configuration options:
 	50 = array(
 		'class' => 'ldap:AttributeAddFromLDAP',

-
 		/**
-		 * The attribute name used when adding the LDAP values
-		 * to the request attributes.
+		 * The attributes to search for and their mappings. This must be an array,
+		 * and keys can be skipped. If you skip a key, then the attribute will be
+		 * exported with the same name as the LDAP attribute.
 		 *
 		 * Default: NULL
-		 * Require: Yes
+		 * Required: Yes
 		 */
-		'attribute.new' => 'my_ldap_attrib',
-
-
-		/**
-		 * When searching LDAP, this is the attribute to retrieve
-		 * and add to the request attributes.
-		 *
-		 * Default: NULL
-		 * Require: Yes
-		 */
-		'search.attribute' => 'displayName',
-
+		'attributes' => array('mail', 'jpegPhoto' => 'jpegphoto'),

 		/**
 		 * The search filter to find the user in LDAP.
@ -269,29 +258,19 @@ specific configuration options:
 		 *       with the CN of the user.
 		 *
 		 * Default: NULL
-		 * Require: Yes
+		 * Required: Yes
 		 */
-		'search.filter' => '(uniquemember=cn=%cn%,cn=users,cn=example,dc=org)',
+		'search.filter' => '(uid=%uid%)',
 	);


 ### Backwards Compatibility ###

-The filter option names have recently changed, however the old config names will be
-converted to the new names automatically. That way any existing/older config's
-should still work. Below are the old config names and their new names:
-
-    array(
-        'ldap_host'             => 'ldap.hostname',
-        'ldap_port'             => 'ldap.port',
-        'ldap_bind_user'        => 'ldap.username',
-        'ldap_bind_pwd'         => 'ldap.password',
-        'userid_attribute'      => 'attribute.username',
-        'ldap_search_base_dn'   => 'ldap.basedn',
-        'ldap_search_filter'    => 'search.filter',
-        'ldap_search_attribute' => 'search.attribute',
-        'new_attribute_name'    => 'attribute.new'
-    )
+Previous versions of this filter allowed just one attribute to be fetched from the
+LDAP at a time. The options 'attribute.new' and 'search.attribute' were used instead
+of the new option 'attributes'. Fortunately, the filter is backwards compatible, so
+your old configuration will still work, but keep in mind that the old configuration
+style is deprecated now and will be removed in 2.0.


 ### Example ###
@ -303,9 +282,8 @@ the specific attribute.
 	50 => array(
 		'class' => 'ldap:AttributeAddUsersGroups',
 		'authsource' => 'example-ldap',
-		'attribute.new' => 'my_ldap_attribute',
-		'search.attribute' => 'displayName',
-		'search.filter' => '(uniquemember=cn=%cn%,cn=users,cn=example,dc=org)'
+		'attributes' => array('displayName' => 'cn', 'jpegPhoto'),
+		'search.filter' => '(uid=%uid%)',
 	)

 If no authsource is available then you can specify the connection info
@ -318,9 +296,8 @@ required, see the config options for ldap:AttributeAddUsersGroups below.
 		'ldap.username' => 'CN=LDAP User,CN=Users,DC=example,DC=org',
 		'ldap.password' => 'Abc123',
 		'ldap.basedn' => 'DC=example,DC=org',
-		'attribute.new' => 'my_ldap_attribute',
-		'search.attribute' => 'displayName',
-		'search.filter' => '(uniquemember=cn=%cn%,cn=users,cn=example,dc=org)'
+		'attributes' => array('displayName' => 'cn', 'jpegPhoto'),
+		'search.filter' => '(uid=%uid%)',
 	)