The UI option for LDAP_SERVERS_BIND_METHOD_USER says:

The users dn must be of the form "cn=[username],[base dn]" for this option to work.

This is false and might cause someone to avoid the option, when it may in fact be a great option for them (when their user DNs are consistent and anonymous bind/search isn't allowed). The text should say something like the following:

You can only use this option if your user DNs follow a consistent pattern, which you specify as "Expression for user DN" in the next configuration block below.

The misleading text seems to appear in two files:
1. modules/ldap/ldap_authentication/LdapServerAdmin.class.php
2. modules/ldap/ldap_authentication/ldap_authentication.inc

Comments

johnbarclay

I like it, but 2 or more examples should be included for learners who do better with example-based learning.

alexanderperlis

Sure, including examples makes sense. How about:

This option skips the initial anonymous bind and anonymous search to determine the LDAP user DN, but you can only use this option if your user DNs follow a consistent pattern, for example all of them being of the form "cn=[username],[base dn]", or all of them being of the form "uid=[username],ou=accounts,[base dn]". You specify the pattern under "Expression for user DN" in the next configuration block below.
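
The user bind method discussed in this thread builds the bind DN directly from the login name instead of looking it up with an anonymous search. The following PHP is an added example, not part of the thread and not code from the LDAP module: it expands the two patterns quoted above and escapes the login name so that it remains a single attribute value inside the DN. The function names, the sample base DN, and the use of "[username]" and "[base dn]" as literal placeholder tokens are assumptions taken from the wording of the thread.

```php
<?php
// Added example; function names are hypothetical, not the LDAP module's API.

/** Escape a string for use as one attribute value inside a DN (RFC 4514). */
function example_escape_dn_value(string $value): string {
  $out = '';
  for ($i = 0, $len = strlen($value); $i < $len; $i++) {
    $ch = $value[$i];
    if ($ch === "\0") {
      $out .= '\\00';                     // NUL must be hex-escaped
    } elseif (strpos('\\,+"<>;=', $ch) !== false) {
      $out .= '\\' . $ch;                 // DN separators and the escape char
    } else {
      $out .= $ch;
    }
  }
  if ($out !== '' && ($out[0] === '#' || $out[0] === ' ')) {
    $out = '\\' . $out;                   // leading '#' or space
  }
  if (strlen($value) > 1 && substr($value, -1) === ' ') {
    $out = substr($out, 0, -1) . '\\ ';   // trailing space
  }
  return $out;
}

/** Expand an "Expression for user DN" pattern into the DN used for the bind. */
function example_user_bind_dn(string $expression, string $username, string $baseDn): string {
  if ($username === '') {
    throw new InvalidArgumentException('Empty username; refusing to build a bind DN.');
  }
  if (substr_count($expression, '[username]') !== 1) {
    throw new InvalidArgumentException('Expression must contain [username] exactly once.');
  }
  // strtr() with an array replaces in a single pass, so placeholder text
  // typed into the username field is never expanded a second time.
  return strtr($expression, [
    '[username]' => example_escape_dn_value($username),
    '[base dn]'  => $baseDn,
  ]);
}

// Constructed sample input: base DN and login names are made up.
$baseDn = 'dc=example,dc=org';
$cases = [
  ['cn=[username],[base dn]', 'jdoe'],
  ['uid=[username],ou=accounts,[base dn]', 'jdoe'],
  ['uid=[username],ou=accounts,[base dn]', 'jdoe,ou=admins'],
];
foreach ($cases as [$expression, $username]) {
  echo example_user_bind_dn($expression, $username, $baseDn), PHP_EOL;
}
```

The third case shows why the escaping matters with this bind method: without it, a comma in the login name would change which entry the server is asked to bind as.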

johnbarclay

Title: UI for LDAP server config is misleading for user bind method » LDAP Server: UI for LDAP server config is misleading for user bind method
Version: 7.x-2.0-beta3 » 7.x-2.x-dev

johnbarclay

Status: Needs review » Fixed

Thanks. I committed this.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.