From 1b7b3515d708f0b1bb1ac5ec6cdeae2ed06ee7d5 Mon Sep 17 00:00:00 2001
From: Takashi Okamoto
Date: Sat, 26 Jan 2019 04:26:01 +0000
Subject: [PATCH] Add Active Directory instruction.
---
 Documentation/connectors/ldap.md | 39 ++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
diff --git a/Documentation/connectors/ldap.md b/Documentation/connectors/ldap.md
index c0e5a66d..0a23257e 100644
--- a/Documentation/connectors/ldap.md
+++ b/Documentation/connectors/ldap.md
@@ -284,3 +284,42 @@ connectors:
 If the search finds an entry, it will attempt to use the provided password to bind as that user entry.
 
 [openldap]: https://www.openldap.org/
+
+## Example: Searching a Active Directory server with groups
+
+The following configuration will allow the LDAP connector to search a Active Directory using an LDAP filter.
+
+```yaml
+
+connectors:
+- type: ldap
+ name: ActiveDirectory
+ id: ad
+ config:
+ host: ad.example.com:636
+
+ insecureNoSSL: false
+ insecureSkipVerify: true
+
+ bindDN: cn=Administrator,cn=users,dc=example,dc=com
+ bindPW: admin0!
+
+ usernamePrompt: Email Address
+
+ userSearch:
+ baseDN: cn=Users,dc=example,dc=com
+ filter: "(objectClass=person)"
+ username: userPrincipalName
+ idAttr: DN
+ emailAttr: userPrincipalName
+ nameAttr: cn
+
+ groupSearch:
+ baseDN: cn=Users,dc=example,dc=com
+ filter: "(objectClass=group)"
+ userAttr: DN
+ groupAttr: member
+ nameAttr: cn
+
+```
+
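Review bot: The added example sets `insecureSkipVerify: true`, which turns off certificate validation on the LDAPS connection to `ad.example.com:636`, so the connector would accept any server certificate while sending `bindPW` and each user's password for the bind. Examples tend to be copied verbatim, so the sample should show `insecureSkipVerify: false` together with `rootCA: /path/to/ad-ca.pem` (placeholder path for the CA that issued the domain controller's certificate). The `bindDN` is the domain `Administrator`, which is far more privilege than a search-and-bind account needs; a dedicated read-only service account such as `cn=dex-svc,cn=users,dc=example,dc=com` (constructed name) is the safer pattern to document. A sentence under the heading should also say that `bindPW` is a placeholder and that the real value should not be committed in plain text with the config.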