# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1390332390 -3600
# Node ID eb372e6bb82f4ecc30e398c0ff1b7d64ccdcab47
# Parent  fdff0de712a784b90f9786963a80fae88eead78c
mod_auth_ldap: Document the ldap_mode option

diff -r fdff0de712a7 -r eb372e6bb82f mod_auth_ldap.wiki
--- a/mod_auth_ldap.wiki	Sun Jan 19 22:38:16 2014 +0100
+++ b/mod_auth_ldap.wiki	Tue Jan 21 20:26:30 2014 +0100
@@ -13,7 +13,7 @@
 
 In Prosody's configuration file, under the desired host section, add:
 {{{
-    authentication = "ldap"
+	authentication = "ldap"
 }}}
 
 LDAP options are:
@@ -25,6 +25,16 @@
 || ldap_scope    || search scope. other values: "base" and "subtree"   || "onelevel"       ||
 || ldap_tls      || Use TLS to connect to LDAP? (can be true or false) || false            ||
 || ldap_base     || LDAP base directory which stores user accounts     || this is required ||
+|| ldap_mode     || How to validate passwords.  Other option is "bind" || "getpasswd"      ||
+
+= Modes =
+
+The "getpasswd" mode requires plain text access to passwords in LDAP and
+feeds them into Prosodys authentication system.  This enables more secure
+authentication mechanisms but does not work for all deployments.
+
+The "bind" performs an LDAP bind, does not require plain text access to
+passwords but limits you to the PLAIN authentication mechanism.
 
 = Compatibility =