From 68f9c987ed396f212065579a66ef1b14fafb44bd Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Sat, 29 Dec 2007 03:02:49 +0000
Subject: Clarify the notes/examples for each of the ldap options.  This should
 make it pretty clear until I finish the fancy LDAP tree viewer control.

I should also note that as of this commit the LDAP auth functions are now
working beautifully against a Windows 2000 Server Active Directory!

Work sponsored-by: Centipede Networks <www.centipedenetworks.com>
---
 usr/local/www/system_usermanager_settings.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'usr/local/www/system_usermanager_settings.php')

diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php
index 6aebc7b..6b93754 100755
--- a/usr/local/www/system_usermanager_settings.php
+++ b/usr/local/www/system_usermanager_settings.php
@@ -159,20 +159,22 @@ if(!$pconfig['backend'])
 								<option value="pfsense"<?php if ($pconfig['backend'] == "pfsense") echo " SELECTED";?>>pfSense</option>
 								<option value="ldap"<?php if ($pconfig['backend'] == "ldap") echo " SELECTED";?>>LDAP</option>
 							</select>
+							<br/>NOTE: login failures or server not available issues will fall back to pfSense internal users/group authentication.
 						</td>
 					</tr>
 					<tr>
                         <td width="22%" valign="top" class="vncell">LDAP Server:port</td>
                         <td width="78%" class="vtable">
 							<input name="ldapserver" size="65" value="<?=htmlspecialchars($pconfig['ldapserver']);?>">
-							<br/>Example: ldap.example.org:389
+							<br/>Example: ldaps://ldap.example.org:389 or ldap://ldap.example.org:389
 						</td>
 					</tr>
 					<tr>
                         <td width="22%" valign="top" class="vncell">LDAP Binding username</td>
                         <td width="78%" class="vtable">
 							<input name="ldapbindun" size="65" value="<?=htmlspecialchars($pconfig['ldapbindun']);?>">
-							Example: For Active Directory you would want to use format DOMAIN\username
+							<br/>This account must have read access to the user objects and be able to retrieve groups.
+							<br/>Example: For Active Directory you would want to use format DOMAIN\username
 						</td>
 					</tr>					
 					<tr>
-- 
cgit v1.1