# HG changeset patch # User Kim Alvefur # Date 1450644949 -3600 # Node ID 6d7699eda5944e8c290255c4c39b38e7c70075dd # Parent 9e268b4fba08594df4668379c5501606cf2c35c9 mod_auth_ldap: Change default of ldap_scope from onelevel to subtree which seems to match many deployments diff -r 9e268b4fba08 -r 6d7699eda594 mod_auth_ldap/README.markdown --- a/mod_auth_ldap/README.markdown Sun Dec 20 18:58:09 2015 +0100 +++ b/mod_auth_ldap/README.markdown Sun Dec 20 21:55:49 2015 +0100 @@ -37,7 +37,7 @@ ldap\_rootdn The distinguished name to auth against `"" (anonymous)` ldap\_password Password for rootdn `""` ldap\_filter Search filter, with `$user` and `$host` substituded for user- and hostname `"(uid=$user)"` - ldap\_scope Search scope. other values: "base" and "subtree" `"onelevel"` + ldap\_scope Search scope. other values: "base" and "onelevel" `"subtree"` ldap\_tls Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. `false` ldap\_mode How passwords are validated. `"bind"` diff -r 9e268b4fba08 -r 6d7699eda594 mod_auth_ldap/mod_auth_ldap.lua --- a/mod_auth_ldap/mod_auth_ldap.lua Sun Dec 20 18:58:09 2015 +0100 +++ b/mod_auth_ldap/mod_auth_ldap.lua Sun Dec 20 21:55:49 2015 +0100 @@ -9,7 +9,7 @@ local ldap_rootdn = module:get_option_string("ldap_rootdn", ""); local ldap_password = module:get_option_string("ldap_password", ""); local ldap_tls = module:get_option_boolean("ldap_tls"); -local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); +local ldap_scope = module:get_option_string("ldap_scope", "subtree"); local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1); local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); local ldap_mode = module:get_option_string("ldap_mode", "bind");
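Review bot: The README hunk's `ldap_scope` row changes the documented default to `"subtree"` but gives no upgrade note for configurations that omit `ldap_scope` and so depended on the old `"onelevel"` default. With the default filter `"(uid=$user)"`, a subtree search matches entries at any depth under `ldap_base`. Accounts kept in nested containers, which a one-level search never returned, now become candidates for authentication. Suggest adding a sentence to the row, or below the table, telling operators who want the previous behaviour to set `ldap_scope = "onelevel"` explicitly. It would also help to describe what each of the three values covers relative to `ldap_base`, since the row currently only lists their names.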
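Review bot: In the mod_auth_ldap.lua hunk, `module:get_option_string("ldap_scope", "subtree")` silently widens the search for every host that does not set the option, and nothing in the visible lines tells the operator that the effective scope changed. Consider logging the effective `ldap_scope` at module load, or warning when the option is unset, so the change shows up in logs after an upgrade. Two related checks are worth confirming outside this hunk. First, that a value other than "base", "onelevel" or "subtree" is rejected rather than passed through. Second, that a search returning more than one entry for `(uid=$user)` is treated as a failure. The second matters more under subtree scope, because the same uid can exist in different branches below `ldap_base`, and with `ldap_mode` defaulting to "bind" the entry that gets bound should never be ambiguous.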