From f306593e6cd66497895a4ba885598c50a19a5b50 Mon Sep 17 00:00:00 2001 From: Philip Molares Date: Wed, 10 May 2023 14:50:48 +0200 Subject: [PATCH] docs: update ldap dev docs Signed-off-by: Philip Molares --- docs/content/config/index.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/docs/content/config/index.md b/docs/content/config/index.md index 1fe9de571..02ac9fecd 100644 --- a/docs/content/config/index.md +++ b/docs/content/config/index.md 
@@ -88,23 +88,23 @@ The password score is calculated with [zxcvbn-ts][zxcvbn-ts-score]. ### LDAP -HedgeDoc can use an LDAP server to authenticate users. As HedgeDoc supports multiple LDAP servers, you first need to tell HedgeDoc the servers you want to configure (`HD_AUTH_LDAPS`), and then you need to provide a few variables for those LDAP servers depending on how you want to use them. -Each of those variables will contain the given name for this LDAP server. For example if you named your ldap server `MY_LDAP` all variables for this server will start with `HD_AUTH_LDAP_MY_LDAP`. +HedgeDoc can use one or multiple LDAP servers to authenticate users. To do this, you first need to tell HedgeDoc the names of servers you want to use (`HD_AUTH_LDAPS`), and then you need to provide the configuration for those LDAP servers depending on how you want to use them. +Each of those variables will contain the given name for this LDAP server. For example if you named your LDAP server `MY_LDAP` all variables for this server will start with `HD_AUTH_LDAP_MY_LDAP`. -| environment variable | default | example | description | -|--------------------------------------------|----------------------|----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------| -| `HD_AUTH_LDAPS` | - | `MY_LDAP` | A comma-seperated list of LDAP servers HedgeDoc should use. | -| `HD_AUTH_LDAP_$NAME_PROVIDER_NAME` | `LDAP` | `My LDAP` | The name for the ldap server `$NAME`, that is shown in the UI of HegdeDoc. | -| `HD_AUTH_LDAP_$NAME_URL` | - | `https://ldap.example.com` | The url with which the LDAP server `$NAME` can be accessed. | -| `HD_AUTH_LDAP_$NAME_SEARCH_BASE` | - | `ou=users,dc=ldap,dc=example,dc=com` | The ldap search base which contains the user accounts on the ldap server `$NAME`. 
| -| `HD_AUTH_LDAP_$NAME_SEARCH_FILTER` | `(uid={{username}})` | `(&(uid={{username}})(objectClass=inetOrgPerson))` | A ldap search filter that filters the users that should have access on the ldap server `$NAME`. | -| `HD_AUTH_LDAP_$NAME_SEARCH_ATTRIBUTES` | - | `username,cn` | A comma-seperated list of attributes that the search filter from the ldap server `$NAME` should access. | -| `HD_AUTH_LDAP_$NAME_USERID_FIELD` | `uid` | `uid`, `uidNumber`, `sAMAccountName` | Which field of the user account should be used as an id for the user on the ldap server `$NAME`. | -| `HD_AUTH_LDAP_$NAME_DISPLAY_NAME_FIELD` | `displayName` | `displayName`, `name`, `cn` | Which field of the user account should be used as the display name for the user on the the ldap server `$NAME`. | -| `HD_AUTH_LDAP_$NAME_PROFILE_PICTURE_FIELD` | `jpegPhoto` | `jpegPhoto`, `thumbnailPhoto` | Which field of the user account should be used as the user image for the user on the the ldap server `$NAME`. | -| `HD_AUTH_LDAP_$NAME_BIND_DN` | - | `cn=admin,dc=ldap,dc=example,dc=com` | The dn to access the ldap server `$NAME`. | -| `HD_AUTH_LDAP_$NAME_BIND_CREDENTIALS` | - | `MyLdapPassword` | The credential to access the ldap server `$NAME`. | -| `HD_AUTH_LDAP_$NAME_TLS_CERT_PATHS` | - | `ldap-ca.pem` | A comma-seperated list of TLS certificates for the ldap server `$NAME`. | +| environment variable | default | example | description | +|--------------------------------------------|----------------------|----------------------------------------------------|---------------------------------------------------------------------------------------------------------------| +| `HD_AUTH_LDAPS` | - | `MY_LDAP` | A comma-seperated list of names of LDAP servers HedgeDoc should use. | +| `HD_AUTH_LDAP_$NAME_PROVIDER_NAME` | `LDAP` | `My LDAP` | The display name for the LDAP server, that is shown in the UI of HegdeDoc. 
| +| `HD_AUTH_LDAP_$NAME_URL` | - | `ldaps://ldap.example.com` | The url with which the LDAP server can be accessed. | +| `HD_AUTH_LDAP_$NAME_SEARCH_BASE` | - | `ou=users,dc=LDAP,dc=example,dc=com` | The LDAP search base which contains the user accounts on the LDAP server. | +| `HD_AUTH_LDAP_$NAME_SEARCH_FILTER` | `(uid={{username}})` | `(&(uid={{username}})(objectClass=inetOrgPerson))` | A LDAP search filter that filters the users that should have access. | +| `HD_AUTH_LDAP_$NAME_SEARCH_ATTRIBUTES` | - | `username,cn` | A comma-seperated list of attributes that the search filter from the LDAP server should access. | +| `HD_AUTH_LDAP_$NAME_USERID_FIELD` | `uid` | `uid`, `uidNumber`, `sAMAccountName` | The attribute of the user account which should be used as an id for the user. | +| `HD_AUTH_LDAP_$NAME_DISPLAY_NAME_FIELD` | `displayName` | `displayName`, `name`, `cn` | The attribute of the user account which should be used as the display name for the user. | +| `HD_AUTH_LDAP_$NAME_PROFILE_PICTURE_FIELD` | `jpegPhoto` | `jpegPhoto`, `thumbnailPhoto` | The attribute of the user account which should be used as the user image for the user. | +| `HD_AUTH_LDAP_$NAME_BIND_DN` | - | `cn=admin,dc=LDAP,dc=example,dc=com` | The dn which is used to perform the user search. If this is omitted then HedgeDoc will use an anonymous bind. | +| `HD_AUTH_LDAP_$NAME_BIND_CREDENTIALS` | - | `MyLdapPassword` | The credential to access the LDAP server. | +| `HD_AUTH_LDAP_$NAME_TLS_CERT_PATHS` | - | `LDAP-ca.pem` | A comma-seperated list of paths to TLS certificates for the LDAP server. | **ToDo:** Add other authentication methods.
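Review bot: the ldap-to-LDAP capitalisation in the added table rows also changed example values, not only prose. `HD_AUTH_LDAP_$NAME_SEARCH_BASE` and `HD_AUTH_LDAP_$NAME_BIND_DN` now show `dc=LDAP` while the `HD_AUTH_LDAP_$NAME_URL` example still uses `ldap.example.com`, and `HD_AUTH_LDAP_$NAME_TLS_CERT_PATHS` now shows `LDAP-ca.pem`, which names a different file than `ldap-ca.pem` on a case-sensitive filesystem. Suggest restoring `dc=ldap` and `ldap-ca.pem` in the example column. In the same added rows, "comma-seperated" (three occurrences) and "HegdeDoc" are carried over misspelled, and "A LDAP search filter" should read "An LDAP search filter". The new `HD_AUTH_LDAP_$NAME_BIND_DN` text states that omitting it results in an anonymous bind, but the `HD_AUTH_LDAP_$NAME_BIND_CREDENTIALS` row still only says "The credential to access the LDAP server"; it should say that this is the password for the bind DN and what happens to it when the bind DN is unset.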