From e603a5e631b6209199e22378f7e00d007e8d830f Mon Sep 17 00:00:00 2001 From: Owen Tuz Date: Mon, 26 Nov 2018 10:02:41 +0000 Subject: [PATCH 1/2] LDAP connector - Document that 'DN' must be in capitals --- Documentation/connectors/ldap.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Documentation/connectors/ldap.md b/Documentation/connectors/ldap.md index 0a0813c7..abf7062a 100644 --- a/Documentation/connectors/ldap.md +++ b/Documentation/connectors/ldap.md @@ -43,6 +43,8 @@ Dex currently allows insecure connections because the project is still verifying User entries are expected to have an email attribute (configurable through `emailAttr`), and a display name attribute (configurable through `nameAttr`). `*Attr` attributes could be set to "DN" in situations where it is needed but not available elsewhere, and if "DN" attribute does not exist in the record. +For the purposes of configuring this connector, "DN" is case-sensitive and should always be capitalised. This is treated as a special case because, while all other configuration values refer to single attributes on an entity, an LDAP Distinguished Name consists of multiple attributes which uniquely identify a resource. + The following is an example config file that can be used by the LDAP connector to authenticate a user. ```yaml From 9ea2ade208b0816a6a93ee1d40b2bd781af3cb07 Mon Sep 17 00:00:00 2001 From: Owen Tuz Date: Mon, 26 Nov 2018 11:50:44 +0000 Subject: [PATCH 2/2] LDAP docs - remove extra wording re DN --- Documentation/connectors/ldap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/connectors/ldap.md b/Documentation/connectors/ldap.md index abf7062a..0ab8703a 100644 --- a/Documentation/connectors/ldap.md +++ b/Documentation/connectors/ldap.md @@ -43,7 +43,7 @@ Dex currently allows insecure connections because the project is still verifying User entries are expected to have an email attribute (configurable through `emailAttr`), and a display name attribute (configurable through `nameAttr`). `*Attr` attributes could be set to "DN" in situations where it is needed but not available elsewhere, and if "DN" attribute does not exist in the record. -For the purposes of configuring this connector, "DN" is case-sensitive and should always be capitalised. This is treated as a special case because, while all other configuration values refer to single attributes on an entity, an LDAP Distinguished Name consists of multiple attributes which uniquely identify a resource. +For the purposes of configuring this connector, "DN" is case-sensitive and should always be capitalised. The following is an example config file that can be used by the LDAP connector to authenticate a user.