add some tips for users who want to bind to an AD server stable
authorAlexandre Fayolle <alexandre.fayolle@logilab.fr>
Tue, 22 Feb 2011 21:30:32 +0100
branchstable
changeset 7029 bae4d11a104b
parent 7028 e8855733b125
child 7030 d48c6b0158b9
add some tips for users who want to bind to an AD server; adjust the level of the different configuration parameters so that the configuration becomes usable outside Logilab
server/sources/ldapuser.py
--- a/server/sources/ldapuser.py	Mon Feb 21 10:31:18 2011 +0100
+++ b/server/sources/ldapuser.py	Tue Feb 22 21:30:32 2011 +0100
@@ -97,13 +97,13 @@
          {'type' : 'string',
           'default': '',
           'help': 'user dn to use to open data connection to the ldap (eg used \
-to respond to rql queries).',
+to respond to rql queries). Leave empty for anonymous bind',
           'group': 'ldap-source', 'level': 1,
           }),
         ('data-cnx-password',
          {'type' : 'string',
           'default': '',
-          'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries).',
+          'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries). Leave empty for anonymous bind.',
           'group': 'ldap-source', 'level': 1,
           }),
 
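Review bot: The two help strings each say to leave that one field empty for an anonymous bind, but an anonymous simple bind needs both `data-cnx-dn` and `data-cnx-password` empty. A DN with an empty password is what RFC 4513 calls an unauthenticated bind, which a server may reject or quietly treat as anonymous access. I would word both as `Leave both data-cnx-dn and data-cnx-password empty for an anonymous bind.`, which also adds the final period missing from the first string. Since the commit targets Active Directory, it is worth adding that AD by default refuses anonymous searches, so a dedicated read-only, low-privilege account is the expected setup there. The option tuple these entries belong to opens outside the hunk.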
@@ -111,19 +111,19 @@
          {'type' : 'string',
           'default': 'ou=People,dc=logilab,dc=fr',
           'help': 'base DN to lookup for users',
-          'group': 'ldap-source', 'level': 0,
+          'group': 'ldap-source', 'level': 1,
           }),
         ('user-scope',
          {'type' : 'choice',
           'default': 'ONELEVEL',
           'choices': ('BASE', 'ONELEVEL', 'SUBTREE'),
-          'help': 'user search scope',
+          'help': 'user search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")',
           'group': 'ldap-source', 'level': 1,
           }),
         ('user-classes',
          {'type' : 'csv',
           'default': ('top', 'posixAccount'),
-          'help': 'classes of user',
+          'help': 'classes of user (with Active Directory, you want to say "user" here)',
           'group': 'ldap-source', 'level': 1,
           }),
         ('user-filter',
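Review bot: `user-base-dn` keeps the default `'ou=People,dc=logilab,dc=fr'` while its level goes from 0 to 1. If a higher level means the option is less likely to be prompted for (not visible here, please confirm), a site outside Logilab that skips it will search a base DN that does not exist in its directory. Given the stated goal of making the configuration usable outside Logilab, a neutral default with a help text asking for the site's own base DN would fit better, provided the consuming code tolerates an unset value. Separately, the new `user-scope` help repeats the `choices` tuple by hand and will drift if a scope is ever added. The option list starts and ends outside the hunk.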
@@ -135,7 +135,7 @@
         ('user-login-attr',
          {'type' : 'string',
           'default': 'uid',
-          'help': 'attribute used as login on authentication',
+          'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)',
           'group': 'ldap-source', 'level': 1,
           }),
         ('user-default-group',
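Review bot: The Active Directory tip on `user-login-attr` and the one on `user-attrs-map` in the next hunk have to be applied together, and neither help string says so. If someone sets `user-login-attr` to `sAMAccountName` but keeps the default map `{'uid': 'login', 'gecos': 'email'}`, the attribute used to authenticate and the one copied into the CubicWeb login would presumably differ (the consuming code is outside this diff). I would append something like `; must be the attribute mapped to login in user-attrs-map` to this help string and the mirror wording to the map option.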
@@ -148,7 +148,7 @@
         ('user-attrs-map',
          {'type' : 'named',
           'default': {'uid': 'login', 'gecos': 'email'},
-          'help': 'map from ldap user attributes to cubicweb attributes',
+          'help': 'map from ldap user attributes to cubicweb attributes (with Active Directory, you want to use sAMAccountName:login,mail:email,givenName:firstname,sn:surname)',
           'group': 'ldap-source', 'level': 1,
           }),
 
@@ -282,7 +282,7 @@
             try:
                 self._connect()
             except:
-                self.exception('cant connect to ldap')
+                self.exception('unable to connect to ldap:')
         return ConnectionWrapper(self._conn)
 
     def authenticate(self, session, login, password=None, **kwargs):
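Review bot: The bare `except:` around `self._connect()` is left as it was, so besides LDAP failures it also swallows KeyboardInterrupt, SystemExit and plain programming errors, all logged as 'unable to connect to ldap:'. `except Exception:` (or the LDAP library's own error class, if this file imports it) keeps the best-effort behaviour while letting interrupts through. After a failure the method still falls through to `return ConnectionWrapper(self._conn)`, so callers appear to receive a wrapper around whatever `self._conn` held before the attempt. A short comment saying that this is intentional would help whoever reads the log entry later. The enclosing method starts above the hunk.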