From 37ae19d4c4bb6edf25658435eb651eeaa6ae22a5 Mon Sep 17 00:00:00 2001 From: Colin Leroy Date: Tue, 27 Nov 2018 14:13:10 +0100 Subject: [PATCH] fix formatting --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 1a38186..24fabf1 100644 --- a/README.md +++ b/README.md @@ -114,12 +114,17 @@ In addition, the **X-Ldap-Template** header can be used to create complex LDAP s Suppose, your web resource should only be available for users from `group1` group. In such a case you can define `X-Ldap-Template` template as follows: +``` proxy_set_header X-Ldap-Template "(&(cn=%(username)s)(memberOf=cn=group1,cn=Users,dc=example,dc=com))"; +``` If your LDAP server doesn't support the memberOf overlay, you can use the following parameters: + +``` proxy_set_header X-Ldap-GroupBaseDN "ou=groups,dc=example,dc=com" proxy_set_header X-Ldap-GroupTemplate "(cn=%(groupname)s)" proxy_set_header X-Ldap-GroupLimit "group1" +``` The search filters can be combined from less complex filters using boolean operations and can be rather complex.