Documentation: LDAP connector documentation. #690
Conversation
rithujohn191
force-pushed
the
connector-docs
branch
from
cf561f0 to
2f6a457
Compare
| @@ -0,0 +1,86 @@ | |||
| # Overview of the `ldap` Connector | |||
|
|
|||
| The `ldap` connector allows email/password based authentication hosted by dex, backed by a LDAP directory. All the configuration parameters required by the `ldap` connector are held in [Config struct](../connector/ldap/ldap.go). | |||
There was a problem hiding this comment.
Don't need hosted by dex
| 1. Finding the user based on the end user's credentials. | ||
| 2. Searching for groups using the user entry. | ||
|
|
||
| User entries are expected to have an email attribute (configurable through "emailAttr"), and a display name attribute (configurable through "nameAttr"). |
There was a problem hiding this comment.
emaliAttr and nameAttr (use a backquote)
| @@ -0,0 +1,86 @@ | |||
| # Overview of the `ldap` Connector | |||
There was a problem hiding this comment.
Title should be something like "Authentication through LDAP"
Then we would have a ## Overview subsection
|
|
||
| User entries are expected to have an email attribute (configurable through "emailAttr"), and a display name attribute (configurable through "nameAttr"). | ||
|
|
||
| ### Setting the Configuration |
There was a problem hiding this comment.
This can just be combined with the next section. Also we can probably just use "Configuration" as the header. Also two "#", not three.
|
|
||
| ### Example: User authentication | ||
|
|
||
| The following is an example config file that can be used by the `ldap` connector to submit a [SearchRequest](https://godoc.org/gopkg.in/ldap.v2#SearchRequest) to authenticate a user. |
There was a problem hiding this comment.
We don't want to refer to the upstream client. It's an implementation detail that we don't expose.
| # insecureNoSSL: true | ||
| # Default: use the host's root CA set. | ||
| rootCA: /etc/dex/ldap.ca | ||
| # DN to bind as for search operations. |
There was a problem hiding this comment.
Note that these are optional and not required if your LDAP server provides sufficient access for anonymous auth.
| # Required. Attribute to map to Email. | ||
| emailAttr: mail | ||
| # Maps to display name of users. | ||
| nameAttr: name |
|
|
||
| ```yaml | ||
|
|
||
| connectors: |
There was a problem hiding this comment.
Un-indent this so users can just copy paste it into their config.
|
|
||
| ### Setting the Configuration | ||
|
|
||
| To set the `ldap` connector configuration in dex, create a config file at `example/config-ldap.yaml`, then use the following command to start an instance of dex: |
There was a problem hiding this comment.
We don't need to explain this here. This should be something like "in your dex config file" with a link to the getting started guide. https://github.com/coreos/dex/blob/master/Documentation/getting-started.md
| bindPW: password | ||
| userSearch: | ||
| # Would translate to the query "(&(objectClass=person)(uid=<username>))". | ||
| baseDN: cn=users,dc=example,dc=com |
There was a problem hiding this comment.
We need to comment these fields waaaay more.
rithujohn191
force-pushed
the
connector-docs
branch
from
2f6a457 to
8161cc8
Compare
|
YAML does not allow extra lines between attributes :( |
|
|
||
| ## Overview | ||
|
|
||
| The LDAP connector allows email/password based authentication, backed by a LDAP directory. All the configuration parameters required by the connector are held in [Config struct](../connector/ldap/ldap.go). |
There was a problem hiding this comment.
We don't need to link to source code here. Probably just cut the second sentence.
| 1. Finding the user based on the end user's credentials. | ||
| 2. Searching for groups using the user entry. | ||
|
|
||
| ## Example: User authentication |
There was a problem hiding this comment.
Just name this section Configuration
|
|
||
| User entries are expected to have an email attribute (configurable through `emailAttr`), and a display name attribute (configurable through `nameAttr`). The following is an example config file that can be used by the LDAP connector to authenticate a user. | ||
|
|
||
| ```yaml |
There was a problem hiding this comment.
For inline comments, don't add a newline a the end of every sentence, add it add it at about 80 characters.
For example, don't do this:
# The DN and password for an application service account.
# The connector uses these credentials to search for users and groups.
# Optional. Not required if the LDAP server provides access for anonymous auth.
Do this:
# The DN and password for an application service account. The connector uses
# these credentials to search for users and groups. Not required if the LDAP
# server provides access for anonymous auth.
8161cc8 to
282f9eb
Compare
|
I've found that the |
|
Ah you're totally right, I think we even check that earlier now that #686 is in. |
rithujohn191
force-pushed
the
connector-docs
branch
from
282f9eb to
c057460
Compare
|
Thanks @Calpicow |
rithujohn191
force-pushed
the
connector-docs
branch
from
c057460 to
8589650
Compare
|
lgtm |
No description provided.