# HG changeset patch
# User Alexandre Fayolle <alexandre.fayolle@logilab.fr>
# Date 1298406632 -3600
# Node ID bae4d11a104ba7ea295db12527ae9061f40a45be
# Parent  e8855733b1255acfba3ca1591afa84c20e5727b3
add some tips for users who want to bind to an AD server

adjust the level of the different configuration parameters so that the condfiguration becomes usable outside Logilab

diff -r e8855733b125 -r bae4d11a104b server/sources/ldapuser.py
--- a/server/sources/ldapuser.py	Mon Feb 21 10:31:18 2011 +0100
+++ b/server/sources/ldapuser.py	Tue Feb 22 21:30:32 2011 +0100
@@ -97,13 +97,13 @@
          {'type' : 'string',
           'default': '',
           'help': 'user dn to use to open data connection to the ldap (eg used \
-to respond to rql queries).',
+to respond to rql queries). Leave empty for anonymous bind',
           'group': 'ldap-source', 'level': 1,
           }),
         ('data-cnx-password',
          {'type' : 'string',
           'default': '',
-          'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries).',
+          'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries). Leave empty for anonymous bind.',
           'group': 'ldap-source', 'level': 1,
           }),
 
@@ -111,19 +111,19 @@
          {'type' : 'string',
           'default': 'ou=People,dc=logilab,dc=fr',
           'help': 'base DN to lookup for users',
-          'group': 'ldap-source', 'level': 0,
+          'group': 'ldap-source', 'level': 1,
           }),
         ('user-scope',
          {'type' : 'choice',
           'default': 'ONELEVEL',
           'choices': ('BASE', 'ONELEVEL', 'SUBTREE'),
-          'help': 'user search scope',
+          'help': 'user search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")',
           'group': 'ldap-source', 'level': 1,
           }),
         ('user-classes',
          {'type' : 'csv',
           'default': ('top', 'posixAccount'),
-          'help': 'classes of user',
+          'help': 'classes of user (with Active Directory, you want to say "user" here)',
           'group': 'ldap-source', 'level': 1,
           }),
         ('user-filter',
@@ -135,7 +135,7 @@
         ('user-login-attr',
          {'type' : 'string',
           'default': 'uid',
-          'help': 'attribute used as login on authentication',
+          'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)',
           'group': 'ldap-source', 'level': 1,
           }),
         ('user-default-group',
@@ -148,7 +148,7 @@
         ('user-attrs-map',
          {'type' : 'named',
           'default': {'uid': 'login', 'gecos': 'email'},
-          'help': 'map from ldap user attributes to cubicweb attributes',
+          'help': 'map from ldap user attributes to cubicweb attributes (with Active Directory, you want to use sAMAccountName:login,mail:email,givenName:firstname,sn:surname)',
           'group': 'ldap-source', 'level': 1,
           }),
 
@@ -282,7 +282,7 @@
             try:
                 self._connect()
             except:
-                self.exception('cant connect to ldap')
+                self.exception('unable to connect to ldap:')
         return ConnectionWrapper(self._conn)
 
     def authenticate(self, session, login, password=None, **kwargs):