env.example: add LDAP filters, include additional LDAP sample values

Signed-off-by: le-firehawk <[email protected]>
jitsi · Jun 6, 2024 · 0d2c61d · 0d2c61d
1 parent 1e9264e
commit 0d2c61d
Showing 1 changed file with 39 additions and 1 deletion.
diff --git a/env.example b/env.example
@@ -144,26 +144,64 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
 #
 
 # LDAP url for connection
-#LDAP_URL=ldaps://ldap.domain.com/
+# ldaps:// not compatible with LDAP_START_TLS
+#LDAP_URL=ldap://ldap.domain.com
 
 # LDAP base DN. Can be empty
 #LDAP_BASE=DC=example,DC=domain,DC=com
+# FreeIPA should be based at accounts
+#LDAP_BASE=CN=accounts,DC=example,DC=domain,DC=com
 
 # LDAP user DN. Do not specify this parameter for the anonymous bind
 #LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
+# FreeIPA uses different scheme
+#LDAP_BINDDN=UID=binduser,CN=users,CN=accounts,DC=example,DC=domain,DC=com
 
 # LDAP user password. Do not specify this parameter for the anonymous bind
 #LDAP_BINDPW=LdapUserPassw0rd
 
+# Many LDAP providers may obfuscate tree information
+# required for advanced filtering when using anonymous
+# bind
+
 # LDAP filter. Tokens example:
 # %1-9 - if the input key is [email protected], then %1 is com, %2 is domain and %3 is mail
 # %s - %s is replaced by the complete service string
 # %r - %r is replaced by the complete realm string
+# (&(filter1)(filter2)(...)) - require multiple filters to be true
+# (|(filter1)(filter2)(...)) - require one filter to be true
+# (!(filter1)) - require one or more filters to be false
 #LDAP_FILTER=(sAMAccountName=%u)
 
+# FreeIPA, other LDAP providers, use UID
+#LDAP_FILTER=(UID=%u)
+# FreeIPA group filtering
+#LDAP_FILTER=(&(UID=%u)(memberOf=CN=groupname,CN=groups,CN=accounts,DC=example,DC=domain,DC=com))
+
 # LDAP authentication method
 #LDAP_AUTH_METHOD=bind
 
+# LDAP group member attribute
+#LDAP_GROUP_ATTR=uniqueMember
+# FreeIPA, other LDAP providers, use memberOf
+#LDAP_GROUP_ATTR=memberOf
+
+# LDAP group membership requirement
+#LDAP_GROUP_DN=CN=groupname,CN=groups,CN=accounts,DC=example,DC=domain,DC=com
+
+# LDAP group match method
+# filter implies LDAP_GROUP_FILTER. attr implies LDAP_GROUP_SEARCH_BASE
+# ignored without LDAP_GROUP_DN
+#LDAP_GROUP_MATCH_METHOD=filter
+
+# LDAP group filter
+# Respects tokens common to LDAP filtering
+#LDAP_GROUP_FILTER=(CN=groupname,CN=groups,CN=accounts,DC=example,DC=domain,DC=com)
+
+# LDAP group search base
+# Defaults to LDAP_BASE
+#LDAP_GROUP_SEARCH_BASE=CN=groupname,CN=groups,CN=accounts,DC=example,DC=domain,DC=com
+
 # LDAP version
 #LDAP_VERSION=3