diff --git a/modules/admin_manual/pages/configuration/server/occ_commands/app_commands/_ldap_integration_commands.adoc b/modules/admin_manual/pages/configuration/server/occ_commands/app_commands/_ldap_integration_commands.adoc index 87bfe94550..8651de6ca4 100644 --- a/modules/admin_manual/pages/configuration/server/occ_commands/app_commands/_ldap_integration_commands.adoc +++ b/modules/admin_manual/pages/configuration/server/occ_commands/app_commands/_ldap_integration_commands.adoc @@ -45,15 +45,39 @@ Search for an LDAP user, using this syntax: | Limit the results. 0 means no limit, defaults to 15 [default: 15] |=== -Note that the search sting can be empty to list all users, or groups when the `--group` option is set. In this case it must be declared with `''`. It is by default a prefix search. Start the string with `*` to change to infix (substring) search. +Note that the search sting can be empty to list all users, or groups when the `--group` option is set. In this case, the search sting must be declared with `''`. It is by default a prefix search. Start the string with `*` to change to infix (substring) search. -Search attributes are configurable in the LDAP wizard or via `ldap:set-config` as described below: +=== Search Configuration and Rules -.For users, the default displayname attribute is "displayname" -menu:Settings[Admin > User Authentication > LDAP > Advanced > User Search Attributes] +Search attributes are configurable in the LDAP wizard (menu:Settings[Admin > User Authentication > LDAP]) or via an occ command `ldap:set-config` as described below: + +.General rule +. If User/Group Search Attributes are *NOT* defined (empty), the entry defined in the User/Group Display Name Field is used as search attribute, for details see below. +. Important when having multiple search attributes, results are unique as long hits correspond to a unique user or group entry. -.For groups, the default displayname attribute is "cn" +.Rules for users +. If *User Search Attributes* are not defined in: ++ +menu:Settings[Admin > User Authentication > LDAP > Advanced > User Search Attributes] ++ +`ldapAttributesForUserSearch` +. Use the *User Display Name Field* which usually defaults to the default displayname attribute "displayname" ++ +menu:Settings[Admin > User Authentication > LDAP > Advanced > User Display Name Field] ++ +`ldapUserDisplayName` + +.Rules for groups +. If *Group Search Attributes* are not defined in: ++ menu:Settings[Admin > User Authentication > LDAP > Advanced > Group Search Attributes] ++ +`ldapAttributesForGroupSearch` +. Use the *Group Display Name Field* which usually defaults to the default displayname attribute "cn" ++ +menu:Settings[Admin > User Authentication > LDAP > Advanced > Group Display Name Field] ++ +`ldapGroupDisplayName` === Examples @@ -76,7 +100,7 @@ User search attributes can be configured via the wizard or set with `ldap:set-co == Check if an LDAP User Exists -This works only if the ownCloud server is connected to an LDAP server. +This only works if the ownCloud server is connected to an LDAP server. [source,console,subs="attributes+"] ---- @@ -166,6 +190,15 @@ You can list and view your configurations: | The output format to use (plain, json or json_pretty). [default: "plain"] |=== +==== Examples + +If you omit the `configID`, all configuration ID's with their settings are listed: + +[source,console,subs="attributes+"] +---- +{occ-command-example-prefix} ldap:show-config +---- + View the configuration for a single `configID`: [source,console,subs="attributes+"]