Document how to limit the attributes returned from the LDAP search

[catagits/Catalyst-Authentication-Store-LDAP.git] / lib / Catalyst / Authentication / Store / LDAP.pm

diff --git a/lib/Catalyst/Authentication/Store/LDAP.pm b/lib/Catalyst/Authentication/Store/LDAP.pm
index 60aef5a..c8896e5 100644 (file)
--- a/lib/Catalyst/Authentication/Store/LDAP.pm
+++ b/lib/Catalyst/Authentication/Store/LDAP.pm
@@ -3,7 +3,7 @@ package Catalyst::Authentication::Store::LDAP;
 use strict;
 use warnings;
 
-our $VERSION = '1.008';
+our $VERSION = '1.015';
 
 use Catalyst::Authentication::Store::LDAP::Backend;
 
@@ -60,8 +60,11 @@ Catalyst::Authentication::Store::LDAP
                user_basedn         => "ou=people,dc=yourcompany,dc=com",
                user_field          => "uid",
                user_filter         => "(&(objectClass=posixAccount)(uid=%s))",
-               user_scope          => "one",
-               user_search_options => { deref => "always" },
+               user_scope          => "one", # or "sub" for Active Directory
+               user_search_options => {
+                 deref => 'always',
+                 attrs => [qw( distinguishedname name mail )],
+               },
                user_results_filter => sub { return shift->pop_entry },
              },
            },
@@ -156,6 +159,7 @@ tweeks to the example configuration will work:
     user_basedn: ou=Domain Users,ou=Accounts,dc=mycompany,dc=com
     user_field:  samaccountname
     user_filter: (sAMAccountName=%s) 
+    user_scope: sub
 
 He also notes: "I found the case in the value of user_field to be significant: 
 it didn't seem to work when I had the mixed case value there."