search attribute clarification

owncloud · Dec 1, 2021 · c40a771 · c40a771
1 parent bb82efc
commit c40a771
Showing 1 changed file with 39 additions and 6 deletions.
diff --git a/.../configuration/server/occ_commands/app_commands/_ldap_integration_commands.adoc b/.../configuration/server/occ_commands/app_commands/_ldap_integration_commands.adoc
@@ -45,15 +45,39 @@ Search for an LDAP user, using this syntax:
 | Limit the results. 0 means no limit, defaults to 15 [default: 15]
 |===
 
-Note that the search sting can be empty to list all users, or groups when the `--group` option is set. In this case it must be declared with `''`. It is by default a prefix search. Start the string with `*` to change to infix (substring) search.
+Note that the search sting can be empty to list all users, or groups when the `--group` option is set. In this case, the search sting must be declared with `''`. It is by default a prefix search. Start the string with `*` to change to infix (substring) search.
 
-Search attributes are configurable in the LDAP wizard or via `ldap:set-config` as described below:
+=== Search Configuration and Rules 
 
-.For users, the default displayname attribute is "displayname"
-menu:Settings[Admin > User Authentication > LDAP > Advanced > User Search Attributes]
+Search attributes are configurable in the LDAP wizard (menu:Settings[Admin > User Authentication > LDAP]) or via an occ command `ldap:set-config` as described below:
+
+.General rule
+. If User/Group Search Attributes are *NOT* defined (empty), the entry defined in the User/Group Display Name Field is used as search attribute, for details see below.
+. Important when having multiple search attributes, results are unique as long hits correspond to a unique user or group entry.
 
-.For groups, the default displayname attribute is "cn"
+.Rules for users
+. If *User Search Attributes* are not defined in:
++
+menu:Settings[Admin > User Authentication > LDAP > Advanced > User Search Attributes]
++
+`ldapAttributesForUserSearch`
+. Use the *User Display Name Field* which usually defaults to the default displayname attribute "displayname"
++
+menu:Settings[Admin > User Authentication > LDAP > Advanced > User Display Name Field]
++
+`ldapUserDisplayName`
+
+.Rules for groups
+. If *Group Search Attributes* are not defined in:
++
 menu:Settings[Admin > User Authentication > LDAP > Advanced > Group Search Attributes]
++
+`ldapAttributesForGroupSearch`
+. Use the *Group Display Name Field* which usually defaults to the default displayname attribute "cn"
++
+menu:Settings[Admin > User Authentication > LDAP > Advanced > Group Display Name Field]
++
+`ldapGroupDisplayName`
 
 === Examples
 
@@ -76,7 +100,7 @@ User search attributes can be configured via the wizard or set with `ldap:set-co
 
 == Check if an LDAP User Exists
 
-This works only if the ownCloud server is connected to an LDAP server.
+This only works if the ownCloud server is connected to an LDAP server.
 
 [source,console,subs="attributes+"]
 ----
@@ -166,6 +190,15 @@ You can list and view your configurations:
 | The output format to use (plain, json or json_pretty). [default: "plain"]
 |===
 
+==== Examples
+
+If you omit the `configID`, all configuration ID's with their settings are listed:
+
+[source,console,subs="attributes+"]
+----
+{occ-command-example-prefix} ldap:show-config
+----
+
 View the configuration for a single `configID`:
 
 [source,console,subs="attributes+"]