Document how to limit the attributes returned from the LDAP search

diff --git a/Changes b/Changes
index 31a28fe..693f9af 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1,3 +1,5 @@
+  - Document how to limit the attributes returned from the LDAP search
+
 1.015 20 February 2015
   - Escape special characters in user/role names
   - Use the stored user credentials to look up roles

diff --git a/lib/Catalyst/Authentication/Store/LDAP.pm b/lib/Catalyst/Authentication/Store/LDAP.pm
index 9045807..c8896e5 100644 (file)
--- a/lib/Catalyst/Authentication/Store/LDAP.pm
+++ b/lib/Catalyst/Authentication/Store/LDAP.pm
@@ -61,7 +61,10 @@ Catalyst::Authentication::Store::LDAP
                user_field          => "uid",
                user_filter         => "(&(objectClass=posixAccount)(uid=%s))",
                user_scope          => "one", # or "sub" for Active Directory
-               user_search_options => { deref => "always" },
+               user_search_options => {
+                 deref => 'always',
+                 attrs => [qw( distinguishedname name mail )],
+               },
                user_results_filter => sub { return shift->pop_entry },
              },
            },

diff --git a/lib/Catalyst/Authentication/Store/LDAP/Backend.pm b/lib/Catalyst/Authentication/Store/LDAP/Backend.pm
index 5942d6d..2c1bec2 100644 (file)
--- a/lib/Catalyst/Authentication/Store/LDAP/Backend.pm
+++ b/lib/Catalyst/Authentication/Store/LDAP/Backend.pm
@@ -35,6 +35,7 @@ Catalyst::Authentication::Store::LDAP::Backend
             'user_field' => 'uid',
             'user_search_options' => {
                 'deref' => 'always',
+                'attrs' => [qw( distinguishedname name mail )],
             },
             'user_results_filter' => sub { return shift->pop_entry },
             'entry_class' => 'MyApp::LDAP::Entry',