From 6f9127b4aedba77113c57212ebf9e13326ee71b8 Mon Sep 17 00:00:00 2001
From: rithu john
Date: Tue, 11 Jul 2017 14:05:32 -0700
Subject: [PATCH] Documentation: add a group query example for the ldap connector.
---
 Documentation/ldap-connector.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/Documentation/ldap-connector.md b/Documentation/ldap-connector.md
index e7efde4d..b04eabad 100644
--- a/Documentation/ldap-connector.md
+++ b/Documentation/ldap-connector.md
@@ -191,6 +191,32 @@ groupSearch:
 # Unique name of the group.
 nameAttr: cn
 ```
+To extract group specific information the `DN` can be used in the `userAttr` field.
+
+```
+# Top level object example.coma in LDIF file.
+dn: dc=example,dc=com
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+dc: example
+```
+
+The following is an example of a group query would match any entry with member=:
+
+```yaml
+groupSearch:
+ # BaseDN to start the search from. It will translate to the query
+ # "(&(objectClass=group)(member=))".
+ baseDN: cn=groups,cn=compat,dc=example,dc=com
+ # Optional filter to apply when searching the directory.
+ filter: "(objectClass=group)"
+
+ userAttr: DN # Use "DN" here not "uid"
+ groupAttr: member
+
+ nameAttr: name
+```
 ## Example: Searching a FreeIPA server with groups