cubicweb: comparison server/sources/ldapuser.py

equal deleted inserted replaced

-:fee3a1f28ed7
+:9b1f9bc74f5d
 ('data-cnx-dn',
 {'type' : 'string',
 'default': '',
 'help': 'user dn to use to open data connection to the ldap (eg used \
-to respond to rql queries).',
+to respond to rql queries). Leave empty for anonymous bind',
 'group': 'ldap-source', 'level': 1,
 }),
 ('data-cnx-password',
 {'type' : 'string',
 'default': '',
-'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries).',
+'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries). Leave empty for anonymous bind.',
 'group': 'ldap-source', 'level': 1,
 }),
 ('user-base-dn',
 {'type' : 'string',
 'default': 'ou=People,dc=logilab,dc=fr',
 'help': 'base DN to lookup for users',
-'group': 'ldap-source', 'level': 0,
+'group': 'ldap-source', 'level': 1,
 }),
 ('user-scope',
 {'type' : 'choice',
 'default': 'ONELEVEL',
 'choices': ('BASE', 'ONELEVEL', 'SUBTREE'),
-'help': 'user search scope',
+'help': 'user search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")',
 'group': 'ldap-source', 'level': 1,
 }),
 ('user-classes',
 {'type' : 'csv',
 'default': ('top', 'posixAccount'),
-'help': 'classes of user',
+'help': 'classes of user (with Active Directory, you want to say "user" here)',
 'group': 'ldap-source', 'level': 1,
 }),
 ('user-filter',
 {'type': 'string',
 'default': '',
 'group': 'ldap-source', 'level': 2,
 }),
 ('user-login-attr',
 {'type' : 'string',
 'default': 'uid',
-'help': 'attribute used as login on authentication',
+'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)',
 'group': 'ldap-source', 'level': 1,
 }),
 ('user-default-group',
 {'type' : 'csv',
 'default': ('users',),
 'group': 'ldap-source', 'level': 1,
 }),
 ('user-attrs-map',
 {'type' : 'named',
 'default': {'uid': 'login', 'gecos': 'email'},
-'help': 'map from ldap user attributes to cubicweb attributes',
+'help': 'map from ldap user attributes to cubicweb attributes (with Active Directory, you want to use sAMAccountName:login,mail:email,givenName:firstname,sn:surname)',
 'group': 'ldap-source', 'level': 1,
 }),
 ('synchronization-interval',
 {'type' : 'time',
 """open and return a connection to the source"""
 if self._conn is None:
 try:
 self._connect()
 except:
-self.exception('cant connect to ldap')
+self.exception('unable to connect to ldap:')
 return ConnectionWrapper(self._conn)
 def authenticate(self, session, login, password=None, **kwargs):
 """return CWUser eid for the given login/password if this account is
 defined in this source, else raise `AuthenticationError`

changeset 7040	9b1f9bc74f5d
parent 6957	ffda12be2e9f
parent 7029	bae4d11a104b
child 7061	bb2080547722