Github user necouchman commented on a diff in the pull request:
https://github.com/apache/guacamole-manual/pull/90#discussion_r199562522
--- Diff: src/chapters/ldap-auth.xml ---
@@ -356,6 +356,17 @@ dn: cn={4}guacConfigGroup,cn=schema,cn=config
"<systemitem>uid=user,ou=people,dc=example,dc=net</systemitem>".</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><property>ldap-user-attributes</property></term>
+ <listitem>
+ <para>The attribute or attributes to retrieve from
the LDAP directory.
+ These attributes are stored as tokens with the
prefix "GUAC_ATTR_"
+ and the name of the attribute appended in
uppercase letters.
+ The value of the token is the value of the
attribute in the LDAP directory.
+ If the attribute has no value in the directory
then the token is not saved.
+ Multiple attributes can be specified here,
separated by commas.</para>
--- End diff --
Two things:
- Probably should clarify here that the attribute(s) are for the currently
logged-in user.
- Also probably want to address how multi-valued attributes behaved. This
occurred to me at one point during the phase of writing the code, but left my
mind, but it should at least be documented. For example, in general LDAP
allows the "mail" attribute to contain multiple values, and at one of my
previous employers there was a large portion of the company that had multiple
e-mail addresses. What happens in this case? There are several LDAP
attributes that fall into that same category that can have multiple values, and
it should at least be documented what value gets passed into this token (first
value, last value, random value, all of them together...?).
---
