Documenting the new feature in AttributeAddFromLDAP.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3373 44740490-163a-0410-bde0-09ae8108e29a

Documenting the new feature in AttributeAddFromLDAP.
e8799056 · Jaime Pérez Crespo · d3b23ac6 · e8799056
Commit e8799056 authored 11 years ago by Jaime Pérez Crespo
--- a/modules/ldap/docs/ldap.txt
+++ b/modules/ldap/docs/ldap.txt
@@ -239,26 +239,15 @@ specific configuration options:
 	50 = array(
 		'class' => 'ldap:AttributeAddFromLDAP',
 		/**
-		 * The attribute name used when adding the LDAP values
+		 * The attributes to search for and their mappings. This must be an array,
-		 * to the request attributes.
+		 * and keys can be skipped. If you skip a key, then the attribute will be
+		 * exported with the same name as the LDAP attribute.
 		 *
 		 * Default: NULL
-		 * Require: Yes
+		 * Required: Yes
 		 */
-		'attribute.new' => 'my_ldap_attrib',
+		'attributes' => array('mail', 'jpegPhoto' => 'jpegphoto'),
-		/**
-		 * When searching LDAP, this is the attribute to retrieve
-		 * and add to the request attributes.
-		 *
-		 * Default: NULL
-		 * Require: Yes
-		 */
-		'search.attribute' => 'displayName',
 		/**
 		 * The search filter to find the user in LDAP.
@@ -269,29 +258,19 @@ specific configuration options:
 		 *       with the CN of the user.
 		 *
 		 * Default: NULL
-		 * Require: Yes
+		 * Required: Yes
 		 */
-		'search.filter' => '(uniquemember=cn=%cn%,cn=users,cn=example,dc=org)',
+		'search.filter' => '(uid=%uid%)',
 	);
 ### Backwards Compatibility ###
-The filter option names have recently changed, however the old config names will be
+Previous versions of this filter allowed just one attribute to be fetched from the
-converted to the new names automatically. That way any existing/older config's
+LDAP at a time. The options 'attribute.new' and 'search.attribute' were used instead
-should still work. Below are the old config names and their new names:
+of the new option 'attributes'. Fortunately, the filter is backwards compatible, so
+your old configuration will still work, but keep in mind that the old configuration
-    array(
+style is deprecated now and will be removed in 2.0.
-        'ldap_host'             => 'ldap.hostname',
-        'ldap_port'             => 'ldap.port',
-        'ldap_bind_user'        => 'ldap.username',
-        'ldap_bind_pwd'         => 'ldap.password',
-        'userid_attribute'      => 'attribute.username',
-        'ldap_search_base_dn'   => 'ldap.basedn',
-        'ldap_search_filter'    => 'search.filter',
-        'ldap_search_attribute' => 'search.attribute',
-        'new_attribute_name'    => 'attribute.new'
-    )
 ### Example ###
@@ -303,9 +282,8 @@ the specific attribute.
 	50 => array(
 		'class' => 'ldap:AttributeAddUsersGroups',
 		'authsource' => 'example-ldap',
-		'attribute.new' => 'my_ldap_attribute',
+		'attributes' => array('displayName' => 'cn', 'jpegPhoto'),
-		'search.attribute' => 'displayName',
+		'search.filter' => '(uid=%uid%)',
-		'search.filter' => '(uniquemember=cn=%cn%,cn=users,cn=example,dc=org)'
 	)
 If no authsource is available then you can specify the connection info
@@ -318,9 +296,8 @@ required, see the config options for ldap:AttributeAddUsersGroups below.
 		'ldap.username' => 'CN=LDAP User,CN=Users,DC=example,DC=org',
 		'ldap.password' => 'Abc123',
 		'ldap.basedn' => 'DC=example,DC=org',
-		'attribute.new' => 'my_ldap_attribute',
+		'attributes' => array('displayName' => 'cn', 'jpegPhoto'),
-		'search.attribute' => 'displayName',
+		'search.filter' => '(uid=%uid%)',
-		'search.filter' => '(uniquemember=cn=%cn%,cn=users,cn=example,dc=org)'
 	)