From 29c16fb3e9ca2a710359efa292826088f318d08b Mon Sep 17 00:00:00 2001
From: David Yang <randomfire@gmail.com>
Date: Tue, 2 Feb 2016 12:12:41 -0800
Subject: [PATCH] - Added documentation to modules/ldap/docs/ldap.txt

---
 config-templates/authsources.php |  6 +++---
 modules/ldap/docs/ldap.txt       | 12 ++++++++++++
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/config-templates/authsources.php b/config-templates/authsources.php
index 44a393355..1d44dc6d9 100644
--- a/config-templates/authsources.php
+++ b/config-templates/authsources.php
@@ -303,15 +303,15 @@ $config = array(
         // array of strings, in which case they will be searched in the order given.
         'search.base' => 'ou=people,dc=example,dc=org',
 
-        // Additional LDAP filters appended to the default search
-        'search.filter' => '(objectclass=inetorgperson)',
-
         // The attribute(s) the username should match against.
         //
         // This is an array with one or more attribute names. Any of the attributes in
         // the array may match the value the username.
         'search.attributes' => array('uid', 'mail'),
 
+        // Additional LDAP filters appended to the search attributes
+        'search.filter' => '(objectclass=inetorgperson)',
+
         // The username & password the SimpleSAMLphp should bind to before searching. If
         // this is left as NULL, no bind will be performed before searching.
         'search.username' => NULL,
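Review bot: The reworded comment on `search.filter` says the filter is "appended to the search attributes", which does not tell an administrator how the two conditions are combined. That matters because this filter presumably narrows which directory entries can be found, and so which can authenticate through this source. The ldap.txt text in the same patch states that the filter must match for the whole search to be true and that the option is optional, so the template comment could say the same: `// Optional LDAP filter that must match in addition to the search.attributes match.` Separately, the ldap.txt hunk cites "RFC 1960, 2544"; the second number looks like a transposition of RFC 2254, which defines the string representation of LDAP search filters, and is worth correcting so readers look up the right syntax.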
diff --git a/modules/ldap/docs/ldap.txt b/modules/ldap/docs/ldap.txt
index 4a6e957ed..151db8876 100644
--- a/modules/ldap/docs/ldap.txt
+++ b/modules/ldap/docs/ldap.txt
@@ -71,6 +71,14 @@ authentication source:
 		 */
 		'search.attributes' => array('uid', 'mail'),
 
+		/*
+		 * Additional filters that must match for the entire LDAP search to be TRUE
+		 *
+		 * This should be a single string conforming to (RFC 1960, 2544)
+		 * The string is appended to the search attributes
+		 */
+		'search.filter' => '(&(objectClass=Person)(|(sn=Doe)(cn=John *)))',
+
 		/*
 		 * The username & password where SimpleSAMLphp should bind to before searching. If
 		 * this is left NULL, no bind will be performed before searching.
@@ -103,6 +111,10 @@ options. The `search.base`-option must be the `dn` which should be used
 as the base/root of the search. The `search.attributes`-option is an
 array with attributes the username should be matched against.
 
+You can also append the `search.filter` option to further limit your search.
+The `search.filter` field is optional and need not be included in your
+configuration file.
+
 The `dnpattern` option will not be used if searching is enabled.
 
 Some LDAP servers may require authentication before a search can be
-- 
GitLab