mod_auth_ldap: Change default of ldap_scope from onelevel to subtree which seems to match many deployments

Sun, 20 Dec 2015 21:55:49 +0100

author
Kim Alvefur <zash@zash.se>
date
Sun, 20 Dec 2015 21:55:49 +0100
changeset 1987
6d7699eda594
parent 1986
9e268b4fba08
child 1994
f263fcf1b0ed

mod_auth_ldap: Change default of ldap_scope from onelevel to subtree which seems to match many deployments

mod_auth_ldap/README.markdown file | annotate | diff | comparison | revisions
mod_auth_ldap/mod_auth_ldap.lua file | annotate | diff | comparison | revisions
--- a/mod_auth_ldap/README.markdown	Sun Dec 20 18:58:09 2015 +0100
+++ b/mod_auth_ldap/README.markdown	Sun Dec 20 21:55:49 2015 +0100
@@ -37,7 +37,7 @@
   ldap\_rootdn     The distinguished name to auth against                                                                                 `"" (anonymous)`
   ldap\_password   Password for rootdn                                                                                                    `""`
   ldap\_filter     Search filter, with `$user` and `$host` substituded for user- and hostname                                             `"(uid=$user)"`
-  ldap\_scope      Search scope. other values: "base" and "subtree"                                                                       `"onelevel"`
+  ldap\_scope      Search scope. other values: "base" and "onelevel"                                                                      `"subtree"`
   ldap\_tls        Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported.   `false`
   ldap\_mode       How passwords are validated.                                                                                           `"bind"`
 
--- a/mod_auth_ldap/mod_auth_ldap.lua	Sun Dec 20 18:58:09 2015 +0100
+++ b/mod_auth_ldap/mod_auth_ldap.lua	Sun Dec 20 21:55:49 2015 +0100
@@ -9,7 +9,7 @@
 local ldap_rootdn = module:get_option_string("ldap_rootdn", "");
 local ldap_password = module:get_option_string("ldap_password", "");
 local ldap_tls = module:get_option_boolean("ldap_tls");
-local ldap_scope = module:get_option_string("ldap_scope", "onelevel");
+local ldap_scope = module:get_option_string("ldap_scope", "subtree");
 local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1);
 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap");
 local ldap_mode = module:get_option_string("ldap_mode", "bind");

mercurial