author | Jaime Pérez Crespo <jaime.perez@uninett.no> | 2016-02-03 09:12:53 +0100 |
---|---|---|
committer | Jaime Pérez Crespo <jaime.perez@uninett.no> | 2016-02-03 09:12:53 +0100 |
commit | 4d69e6ff8650f073fed647754b7a818353cf7ec7 (patch) | |
tree | 6898315374a3df2fe7ec1b1b361fe2329225a6dc /modules/ldap/docs/ldap.txt | |
parent | 864de72f538f4b0c3a258e15a14fb276e609af70 (diff) | |
parent | 29c16fb3e9ca2a710359efa292826088f318d08b (diff) | |
Merge pull request #325 from randomfire/master
- Added search.filter to allow for custom LDAP search filters
Diffstat (limited to 'modules/ldap/docs/ldap.txt')
-rw-r--r-- | modules/ldap/docs/ldap.txt | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/modules/ldap/docs/ldap.txt b/modules/ldap/docs/ldap.txt index 4a6e957..151db88 100644 --- a/modules/ldap/docs/ldap.txt +++ b/modules/ldap/docs/ldap.txt @@ -72,6 +72,14 @@ authentication source: 'search.attributes' => array('uid', 'mail'), /* + * Additional filters that must match for the entire LDAP search to be TRUE + * + * This should be a single string conforming to (RFC 1960, 2544) + * The string is appended to the search attributes + */ + 'search.filter' => '(&(objectClass=Person)(|(sn=Doe)(cn=John *)))', + + /* * The username & password where SimpleSAMLphp should bind to before searching. If * this is left NULL, no bind will be performed before searching. */ @@ -103,6 +111,10 @@ options. The `search.base`-option must be the `dn` which should be used as the base/root of the search. The `search.attributes`-option is an array with attributes the username should be matched against. +You can also append the `search.filter` option to further limit your search. +The `search.filter` field is optional and need not be included in your +configuration file. + The `dnpattern` option will not be used if searching is enabled. Some LDAP servers may require authentication before a search can be |
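Review bot: In the first hunk (@@ -72,6 +72,14 @@), the comment above `'search.filter'` cites "RFC 1960, 2544", but RFC 2544 is a network benchmarking methodology document and has nothing to do with LDAP. The string representation of LDAP search filters is RFC 2254 (which replaced RFC 1960) and is currently RFC 4515, so the number looks transposed and should be corrected. The same comment says "The string is appended to the search attributes" without saying how the filter is combined with the username match built from `search.attributes`. Please state the operator explicitly, since that decides whether the filter narrows or widens the set of entries that can authenticate. The sample value with `(sn=Doe)` and `(cn=John *)` is also likely to be copied verbatim; a neutral example such as `(objectClass=Person)` would be a better fit for documentation.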
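Review bot: In the second hunk (@@ -103,6 +111,10 @@), the added paragraph uses "append" and "further limit" but never defines what the resulting search is: it should say how `search.filter` is combined with the `search.attributes` match, what filter is used when the option is absent, and whether the option is ignored when searching is not enabled, in the same way the following sentence does for `dnpattern`. "The `search.filter` field is optional and need not be included" states the same thing twice and can be shortened to one clause. A pointer to the filter syntax reference used in the configuration comment would also help here, since this paragraph is where readers of the prose section first meet the option.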