Commitc62c8f8

nietonfir

committed

Explain the query_string ldap authentication provider configuration keys

1 parentee31b7f commitc62c8f8Copy full SHA for c62c8f8

File tree

2 files changed

+31

-5

lines changed

reference/configuration
- security.rst
security
- ldap.rst

2 files changed

+31

-5

lines changed

`‎reference/configuration/security.rst‎`

Lines changed: 7 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -142,9 +142,10 @@ Each part will be explained in the next section.`
`142`	`142`	`http_basic:`
`143`	`143`	`provider:some_key_from_above`
`144`	`144`	`http_basic_ldap:`
`145`		`-provider:some_key_from_above`
`146`		`-service:ldap`
`147`		`-dn_string:'{username}'`
	`145`	`+provider:some_key_from_above`
	`146`	`+service:ldap`
	`147`	`+dn_string:'{username}'`
	`148`	`+query_string:~`
`148`	`149`	`http_digest:`
`149`	`150`	`provider:some_key_from_above`
`150`	`151`	`guard:`
`@@ -237,8 +238,9 @@ Each part will be explained in the next section.`
`237`	`238`	`# new in Symfony 2.3`
`238`	`239`	`require_previous_session:true`
`239`	`240`
`240`		`-service:~`
`241`		`-dn_string:'{username}'`
	`241`	`+service:~`
	`242`	`+dn_string:'{username}'`
	`243`	`+query_string:~`
`242`	`244`
`243`	`245`	`remember_me:`
`244`	`246`	`token_provider:name`

`‎security/ldap.rst‎`

Lines changed: 24 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -270,6 +270,30 @@ For example, if your users have DN strings in the form`
`270`	`270`	``uid=einstein,dc=example,dc=com``, then the ``dn_string`` will be
`271`	`271`	``uid={username},dc=example,dc=com``.
`272`	`272`
	`273`	`+query_string`
	`274`	`+............`
	`275`	`+`
	`276`	+type: ``string``
	`277`	`+`
	`278`	`+This (optional) key enables the user provider to search for a user and`
	`279`	`+then use the DN found for the bind process. This is useful in environments`
	`280`	+with multiple LDAP user providers with a different ``base_dn``. As value
	`281`	+a valid search string for should be used, e.g. ``uid="{username}"``. The
	`282`	`+placeholder value will be replaced by the actual username.`
	`283`	`+`
	`284`	+When this key is used, ``dn_string`` has to be adjusted accordingly and
	`285`	`+should reflect a common denominator as base DN.`
	`286`	`+`
	`287`	`+Extending the previous example: If Your users have two different DN in the`
	`288`	+form of ``dc=companyA,dc=example,dc=com`` and ``dc=companyB,dc=example,dc=com``,
	`289`	+then ``dn_string`` should be ``dc=example,dc=com``. In conjunction with
	`290`	+``uid="{username}"`` as ``query_string`` the authentication provider can
	`291`	`+authenticate user from both DN.`
	`292`	`+`
	`293`	`+Please bear in mind, that the usernames themselves have to be unique`
	`294`	`+across both DN, as the authentication provider won't determine the`
	`295`	`+correct user for the bind process if more than one are found.`
	`296`	`+`
`273`	`297`	Examples are provided below, for both ``form_login_ldap`` and
`274`	`298`	``http_basic_ldap``.
`275`	`299`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitc62c8f8

File tree

2 files changed

2 files changed

`‎reference/configuration/security.rst‎`

`‎security/ldap.rst‎`

0 commit comments