| author | Gerardo Zamudio <gerardozamudio@users.noreply.github.com> | 2016-02-24 23:48:50 -0600 |
|---|---|---|
| committer | Gerardo Zamudio <gerardozamudio@users.noreply.github.com> | 2016-02-24 23:48:50 -0600 |
| commit | e4de6b3898b64b26d29aff31f21df5fda8055686 (patch) | |
| tree | 575f8a65440f291d70a070d168eafca8c82a6459 /doc/ldap-group-sync.markdown | |
| parent | d9ffbea174ea6524d0a22f8375ca8b3aa04a3c96 (diff) | |
| parent | a6540bc604c837d92c9368540c145606723e97f7 (diff) | |
Merge pull request #1 from fguillot/master
Update from upstream
Diffstat (limited to 'doc/ldap-group-sync.markdown')
| -rw-r--r-- | doc/ldap-group-sync.markdown | 48 |
1 files changed, 35 insertions, 13 deletions
diff --git a/doc/ldap-group-sync.markdown b/doc/ldap-group-sync.markdown index 355a1cde..69678a8a 100644 --- a/doc/ldap-group-sync.markdown +++ b/doc/ldap-group-sync.markdown 
@@ -7,30 +7,52 @@ Requirements - Have LDAP authentication properly configured - Use a LDAP server that supports `memberOf` -Automatically define Kanboard groups based on LDAP groups ---------------------------------------------------------- +Define automatically user roles based on LDAP groups +---------------------------------------------------- -In your config file, define the constants `LDAP_GROUP_ADMIN_DN` and `LDAP_GROUP_PROJECT_ADMIN_DN`. Here an example, replace the values according to your own LDAP configuration: +Use these constants in your config file: + +- `LDAP_GROUP_ADMIN_DN`: Distinguished names for application administrators +- `LDAP_GROUP_MANAGER_DN`: Distinguished names for application managers + +Example: ```php define('LDAP_GROUP_ADMIN_DN', 'CN=Kanboard Admins,CN=Users,DC=kanboard,DC=local'); -define('LDAP_GROUP_PROJECT_ADMIN_DN', 'CN=Kanboard Project Admins,CN=Users,DC=kanboard,DC=local'); +define('LDAP_GROUP_MANAGER_DN', 'CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local'); ``` -- People member of "Kanboard Admins" will be "Kanboard Administrators" -- People member of "Kanboard Project Admins" will be "Kanboard Project Administrators" -- Everybody else will be Kanboard Standard Users +- People member of "Kanboard Admins" will have the role "Administrator" +- People member of "Kanboard Managers" will have the role "Managers" +- Everybody else will have the role "User" + +Automatically load LDAP groups for project permissions +------------------------------------------------------ -Note: At the moment, that works only at account creation. +This feature allows you to sync automatically LDAP groups with Kanboard groups. +Each group can have a different project role assigned. -Filter Kanboard access based on the LDAP group ----------------------------------------------- +On the project permissions page, people can enter groups in the auto-complete field and Kanboard can search for groups with any provider enabled. 
-To allow only some users to use Kanboard, use the existing `LDAP_USER_PATTERN` constant: +If the group doesn't exist in the local database, it will be automatically synced. + +- `LDAP_GROUP_PROVIDER`: Enable the LDAP group provider +- `LDAP_GROUP_BASE_DN`: Distinguished names to find groups in LDAP directory +- `LDAP_GROUP_FILTER`: LDAP filter used to perform the query +- `LDAP_GROUP_ATTRIBUTE_NAME`: LDAP attribute used to fetch the group name + +Example: ```php -define('LDAP_USER_PATTERN', '(&(objectClass=user)(sAMAccountName=%s)(memberOf=CN=Kanboard Users,CN=Users,DC=kanboard,DC=local))'); +define('LDAP_GROUP_PROVIDER', true); +define('LDAP_GROUP_BASE_DN', 'CN=Groups,DC=kanboard,DC=local'); +define('LDAP_GROUP_FILTER', '(&(objectClass=group)(sAMAccountName=%s*))'); ``` -This example allow only people member of the group "Kanboard Users" to connect to Kanboard. +With the filter given as example above, Kanboard will search for groups that match the query. +If the end-user enter the text "My group" in the auto-complete box, Kanboard will return all groups that match the pattern: `(&(objectClass=group)(sAMAccountName=My group*))`. + +- Note 1: The special characters `*` is important here, otherwise an exact match will be done. +- Note 2: This feature is only compatible with LDAP authentication configured in "proxy" or "anonymous" mode +[More examples of LDAP filters for Active Directory](http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx) |
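Review bot: The removal of the "Filter Kanboard access based on the LDAP group" section at the end of this hunk drops the only documented way to restrict login to members of one group (the `LDAP_USER_PATTERN` filter with a `memberOf` clause), and nothing in the added text replaces it; if that filter is still supported, keep the section, otherwise say what supersedes it. The rename from `LDAP_GROUP_PROJECT_ADMIN_DN` to `LDAP_GROUP_MANAGER_DN` also needs an upgrade note: a reader cannot tell from this text whether a config that keeps the old name still grants the manager role or falls through to `Everybody else will have the role "User"`. The deleted line "Note: At the moment, that works only at account creation" has no successor, so state when the role mapping is evaluated now. In the new group-provider section, `LDAP_GROUP_ATTRIBUTE_NAME` is listed but missing from the example, and the text should say whether the value substituted for `%s` in `LDAP_GROUP_FILTER` is escaped before the query is built, since it comes straight from the auto-complete field. The wording also needs a pass: role "Managers" next to singular "Administrator" and "User", "The special characters `*` is", and "If the end-user enter".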
