The UI option for LDAP_SERVERS_BIND_METHOD_USER says:
The users dn must be of the form "cn=[username],[base dn]" for this option to work.
This is false and might cause someone to avoid the option, when it may in fact be a great option for them (when their user DNs are consistent and anonymous bind/search isn't allowed). The text should say something like the following:
You can only use this option if your user DNs follow a consistent pattern, which you specify as "Expression for user DN" in the next configuration block below.
The misleading text seems to appear in two files:
1. modules/ldap/ldap_authentication/LdapServerAdmin.class.php
2. modules/ldap/ldap_authentication/ldap_authentication.inc
Comments
Comment #1
johnbarclay CreditAttribution: johnbarclay commentedI like it, but at 2 or more examples should be included for learners who do better with example based learning.
Comment #2
alexanderperlis CreditAttribution: alexanderperlis commentedSure, including examples make sense. How about:
This option skips the initial anonymous bind and anonymous search to determine the LDAP user DN, but you can only use this option if your user DNs follow a consistent pattern, for example all of them being of the form "cn=[username],[base dn]", or all of them being of the form "uid=[username],ou=accounts,[base dn]". You specify the pattern under "Expression for user DN" in the next configuration block below.
Comment #3
johnbarclay CreditAttribution: johnbarclay commentedComment #4
johnbarclay CreditAttribution: johnbarclay commentedThanks. I committed this.