From 9bf9a5c7371a78286b8f6290e2114ff90ab91b9c Mon Sep 17 00:00:00 2001
From: Dominik George <dominik.george@teckids.org>
Date: Sat, 24 Aug 2019 23:27:17 +0200
Subject: [PATCH] Add documentation on LDAP setup. Advances #23.

---
 docs/admin/00_index.rst |  7 +++++++
 docs/admin/01_ldap.rst  | 32 ++++++++++++++++++++++++++++++++
 docs/index.rst          |  1 +
 3 files changed, 40 insertions(+)
 create mode 100644 docs/admin/00_index.rst
 create mode 100644 docs/admin/01_ldap.rst

diff --git a/docs/admin/00_index.rst b/docs/admin/00_index.rst
new file mode 100644
index 000000000..8d3c47f21
--- /dev/null
+++ b/docs/admin/00_index.rst
@@ -0,0 +1,7 @@
+Configuration and andministration
+=================================
+
+.. toctree::
+   :glob:
+
+   *
diff --git a/docs/admin/01_ldap.rst b/docs/admin/01_ldap.rst
new file mode 100644
index 000000000..a5b54779f
--- /dev/null
+++ b/docs/admin/01_ldap.rst
@@ -0,0 +1,32 @@
+Authenticating against LDAP
+===========================
+
+BiscuIT can authenticate users against an LDAP directory (like OpenLDAP or
+Active Directory). The BiscuIT core can only authenticate and synchronise
+authenticated users to BiscuIT's database. There are apps that help with
+tasks like mass-importing accounts and linking accounts to persons in
+the BiscuIY system (see below).
+
+
+Installing packages for LDAP support
+------------------------------------
+
+Installing the necessary librairies for LDAP support unfortunately is not
+very straightforward under all circumstances.
+
+TBA.
+
+
+Configuration of LDAP support
+-----------------------------
+
+Configuration is done under the `default.ldap` section in BiscuIT's
+configuration file. For example, add something like the following to your
+configuration (normally in `/etc/biscuit`; you can either append to an
+existing file or add a new one)::
+
+  [default.ldap]
+  uri = "ldaps://ldap.myschool.edu"
+  bind = { dn = "cn=reader,dc=myschool,dc=edu", password = "secret" }
+  users = { base = "ou=people,dc=myschool,dc=edu", filter = "(uid=%(user)s)" }
+  map = { first_name = "givenName", last_name = "sn", email = "mail" }
diff --git a/docs/index.rst b/docs/index.rst
index c21b74031..1cb4bca97 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -10,6 +10,7 @@ Welcome to BiscuIT's documentation!
    :maxdepth: 2
    :caption: Contents:
 
+   admin/00_index
    dev/00_index
    ref/00_index
 
-- 
GitLab