Diffstat (limited to 'doc/src')
-rw-r--r-- | doc/src/sgml/client-auth.sgml | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index f1eb3b279ed..51343de7cad 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1910,13 +1910,19 @@ omicron bryanh guest1 </para> </listitem> </varlistentry> + </variablelist> + </para> + + <para> + The following option may be used as an alternative way to write some of the + above LDAP options in a more compact and standard form: + <variablelist> <varlistentry> <term><literal>ldapurl</literal></term> <listitem> <para> An <ulink url="https://datatracker.ietf.org/doc/html/rfc4516">RFC 4516</ulink> - LDAP URL. This is an alternative way to write some of the - other LDAP options in a more compact and standard form. The format is + LDAP URL. The format is <synopsis> ldap[s]://<replaceable>host</replaceable>[:<replaceable>port</replaceable>]/<replaceable>basedn</replaceable>[?[<replaceable>attribute</replaceable>][?[<replaceable>scope</replaceable>][?[<replaceable>filter</replaceable>]]]] </synopsis> @@ -1958,7 +1964,8 @@ ldap[s]://<replaceable>host</replaceable>[:<replaceable>port</replaceable>]/<rep <para> It is an error to mix configuration options for simple bind with options - for search+bind. + for search+bind. To use <literal>ldapurl</literal> in simple bind mode, the + URL must not contain a <literal>basedn</literal> or query elements. </para> <para> 
@@ -1995,6 +2002,16 @@ host ... ldap ldapserver=ldap.example.net ldapprefix="cn=" ldapsuffix=", dc=exam </para> <para> + Here is a different simple-bind configuration, which uses the LDAPS scheme + and a custom port number, written as a URL: +<programlisting> +host ... ldap ldapurl="ldaps://ldap.example.net:49151" ldapprefix="cn=" ldapsuffix=", dc=example, dc=net" +</programlisting> + This is slightly more compact than specifying <literal>ldapserver</literal>, + <literal>ldapscheme</literal>, and <literal>ldapport</literal> separately. + </para> + + <para> Here is an example for a search+bind configuration: <programlisting> host ... ldap ldapserver=ldap.example.net ldapbasedn="dc=example, dc=net" ldapsearchattribute=uid |
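Review bot: In the hunk at @@ -1910, the new introductory paragraph says ldapurl can replace "some of the above LDAP options" but does not say which ones. Now that the entry sits in its own list, apart from the options it stands in for, a reader has to infer the mapping from the synopsis. Consider naming the options here: the example added further down mentions ldapserver, ldapscheme and ldapport, and the synopsis shows basedn, attribute, scope and filter as the remaining URL elements.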
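Review bot: In the hunk at @@ -1958, the added sentence requires that a simple-bind URL "must not contain a basedn or query elements", yet the synopsis kept as context in the first hunk writes "/basedn" as a mandatory part of the URL, with only the port and the query parts in brackets. The two should agree: either mark the basedn as optional in the synopsis, or state here that the URL ends after host[:port]. It would also help to say whether a bare trailing "/" is accepted, since the example added later omits it.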
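Review bot: In the hunk at @@ -1995, the closing sentence names ldapserver, ldapscheme and ldapport as the options the URL replaces, but the reader never sees the values they would take. Showing the equivalent long form next to the listing, for example ldapserver=ldap.example.net ldapscheme=ldaps ldapport=49151, would make the mapping explicit and make clear that ldapprefix and ldapsuffix still have to be given as separate options. Since 49151 is not the usual LDAPS port, a short remark that the port part can be omitted to get the default would keep readers from copying it as if it were standard.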