summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--docker-compose.yml6
-rwxr-xr-xsnap-src/bin/config8
-rwxr-xr-xsnap-src/bin/wekan-help2
-rw-r--r--torodb-postgresql/docker-compose.yml18
4 files changed, 19 insertions, 15 deletions
diff --git a/docker-compose.yml b/docker-compose.yml
index ea5ffe99..54e50ce2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -509,18 +509,22 @@ services:
# The limit number of entries (0=unlimited)
#- LDAP_SEARCH_SIZE_LIMIT=0
#
- # Enable group filtering
+ # Enable group filtering. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap.
#- LDAP_GROUP_FILTER_ENABLE=false
#
# The object class for filtering. Example: group
#- LDAP_GROUP_FILTER_OBJECTCLASS=
#
+ # The attribute of a group identifying it. Example: cn
#- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
#
+ # The attribute inside a group object listing its members. Example: member
#- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
#
+ # The format of the value of LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE. Example: 'dn' if the users dn ist saved as value into the attribute.
#- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
#
+ # The group name (id) that matches all users.
#- LDAP_GROUP_FILTER_GROUP_NAME=
#
# LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier). Example: guid
diff --git a/snap-src/bin/config b/snap-src/bin/config
index e7305bb2..3fc786fb 100755
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
@@ -338,19 +338,19 @@ DESCRIPTION_LDAP_GROUP_FILTER_OBJECTCLASS="The object class for filtering"
DEFAULT_LDAP_GROUP_FILTER_OBJECTCLASS=""
KEY_LDAP_GROUP_FILTER_OBJECTCLASS="ldap-group-filter-objectclass"
-DESCRIPTION_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE="ldap-group-filter-id-attribute. Default: ''"
+DESCRIPTION_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE="The attribute of a group identifying it. Default: ''"
DEFAULT_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=""
KEY_LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE="ldap-group-filter-id-attribute"
-DESCRIPTION_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE="ldap-group-filter-member-attibute. Default: ''"
+DESCRIPTION_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE="The attribute inside a group object listing its members. Default: ''"
DEFAULT_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=""
KEY_LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE="ldap-group-filter-member-attribute"
-DESCRIPTION_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT="ldap-group-filter-group-member-format. Default: ''"
+DESCRIPTION_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT="The format of the value of ldap-group-filter-member-attribute (e.g. 'dn' if the user's dn ist saved as value into the attribute). Default: ''"
DEFAULT_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=""
KEY_LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT="ldap-group-filter-member-format"
-DESCRIPTION_LDAP_GROUP_FILTER_GROUP_NAME="ldap-group-filter-group-name. Default: ''"
+DESCRIPTION_LDAP_GROUP_FILTER_GROUP_NAME="The group name (id) that matches all users. Default: ''"
DEFAULT_LDAP_GROUP_FILTER_GROUP_NAME=""
KEY_LDAP_GROUP_FILTER_GROUP_NAME="ldap-group-filter-group-name"
diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help
index b925afeb..1d6d87a1 100755
--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
@@ -356,7 +356,7 @@ echo -e "Ldap Search Size Limit."
echo -e "The limit number of entries (0=unlimited):"
echo -e "\t$ snap set $SNAP_NAME ldap-search-size-limit='12345'"
echo -e "\n"
-echo -e "Ldap Group Filter Enable."
+echo -e "Ldap Group Filter Enable. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap."
echo -e "Enable group filtering:"
echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-enable='true'"
echo -e "\n"
diff --git a/torodb-postgresql/docker-compose.yml b/torodb-postgresql/docker-compose.yml
index 7dbc2049..d741d1a1 100644
--- a/torodb-postgresql/docker-compose.yml
+++ b/torodb-postgresql/docker-compose.yml
@@ -446,7 +446,7 @@ services:
# example : LDAP_SEARCH_SIZE_LIMIT=12345
#- LDAP_SEARCH_SIZE_LIMIT=0
#
- # LDAP_GROUP_FILTER_ENABLE : Enable group filtering
+ # LDAP_GROUP_FILTER_ENABLE : Enable group filtering. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap
# example : LDAP_GROUP_FILTER_ENABLE=true
#- LDAP_GROUP_FILTER_ENABLE=false
#
@@ -454,20 +454,20 @@ services:
# example : LDAP_GROUP_FILTER_OBJECTCLASS=group
#- LDAP_GROUP_FILTER_OBJECTCLASS=
#
- # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE :
- # example :
+ # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : The attribute of a group identifying it
+ # example : LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=cn
#- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
#
- # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE :
- # example :
+ # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : The attribute inside a group object listing its members
+ # example : member
#- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
#
- # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT :
- # example :
+ # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : The format of the value of LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE
+ # example : dn
#- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
#
- # LDAP_GROUP_FILTER_GROUP_NAME :
- # example :
+ # LDAP_GROUP_FILTER_GROUP_NAME : The group name (id) that matches all users
+ # example : wekan_users
#- LDAP_GROUP_FILTER_GROUP_NAME=
#
# LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-06-02 08:03:24 +0000