Added extra FAQ on "Bad Credentials" message and on testing LDAP authentication. Minor mods to LDAP doc.

2011-03-29 15:30:08 +01:00 · 2011-03-29 15:30:08 +01:00 · 9c88576992
parent 78d5495945
commit 9c88576992
2 changed files with 801 additions and 590 deletions
--- a/docs/faq/src/docbook/faq.xml
+++ b/docs/faq/src/docbook/faq.xml
--- a/docs/manual/src/docbook/ldap-auth-provider.xml
+++ b/docs/manual/src/docbook/ldap-auth-provider.xml
@ -32,12 +32,15 @@
            <listitem>
                <para>Obtaining the unique LDAP <quote>Distinguished Name</quote>, or DN, from the
                    login name. This will often mean performing a search in the directory, unless
-                    the exact mapping of usernames to DNs is known in advance.</para>
+                    the exact mapping of usernames to DNs is known in advance. So a user might enter
+                    the name <quote>joe</quote> when logging in, but the actual name used to
+                    authenticate to LDAP will be the full DN, such as
+                    <literal>uid=joe,ou=users,dc=springsource,dc=com</literal>.</para>
            </listitem>
            <listitem>
-                <para>Authenticating the user, either by binding as that user or by performing a
-                    remote <quote>compare</quote> operation of the user's password against the
-                    password attribute in the directory entry for the DN.</para>
+                <para>Authenticating the user, either by <quote>binding</quote> as that user or by
+                    performing a remote <quote>compare</quote> operation of the user's password
+                    against the password attribute in the directory entry for the DN.</para>
            </listitem>
            <listitem>
                <para>Loading the list of authorities for the user.</para>
@ -100,9 +103,10 @@
                    ]]></programlisting> If used with the server definition above, this would
                perform a search under the DN <literal>ou=people,dc=springframework,dc=org</literal>
                using the value of the <literal>user-search-filter</literal> attribute as a filter.
-                Again the user login name is substituted for the parameter in the filter name. If
-                <literal>user-search-base</literal> isn't supplied, the search will be performed
-                from the root. </para>
+                Again the user login name is substituted for the parameter in the filter name, so it
+                will search for an entry with the <literal>uid</literal> attribute equal to the user
+                name. If <literal>user-search-base</literal> isn't supplied, the search will be
+                performed from the root. </para>
        </section>
        <section>
            <info>