add config docs

alexferl · alexferl · commit 1a3b0d19309a · 2024-04-03T15:07:32.000-04:00
Signed-off-by: alexferl &lt;me@alexferl.com&gt;
diff --git a/README.md b/README.md
@@ -1,7 +1,5 @@
 # Flask-SimpleLDAP
-Flask-SimpleLDAP provides LDAP authentication for Flask.
-
-Flask-SimpleLDAP is compatible with and tested on Python 3.8+.
+Flask-SimpleLDAP provides LDAP authentication for Flask and is compatible with and tested on Python 3.8+.
 
 ## Quickstart
 First, install Flask-SimpleLDAP:
@@ -10,8 +8,7 @@ First, install Flask-SimpleLDAP:
 pip install flask-simpleldap
 ```
 
-
-Flask-SimpleLDAP depends, and will install for you, recent versions of Flask
+Flask-SimpleLDAP depends, and will install for you, a recent version of Flask
 (2.2.5 or later) and [python-ldap](https://python-ldap.org/).
 Please consult the [python-ldap installation instructions](https://www.python-ldap.org/en/latest/installing.html) if you get an error during installation.
 
@@ -56,12 +53,10 @@ Once you get the basic example working, check out the more complex ones:
 and [blueprints](https://flask.palletsprojects.com/en/3.0.x/blueprints/).
 
 
-OpenLDAP
---------
-
+## OpenLDAP
 Add the `LDAP` instance to your code and depending on your OpenLDAP
-configuration, add the following at least LDAP_USER_OBJECT_FILTER and
-LDAP_USER_OBJECT_FILTER.
+configuration, add the following at least `LDAP_USER_OBJECT_FILTER` and
+`LDAP_USER_OBJECT_FILTER`.
 
 ```python
 from flask import Flask, g
@@ -98,6 +93,33 @@ if __name__ == "__main__":
     app.run()
 ```
 
-## Resources
-
-- [PyPI](https://pypi.python.org/pypi/Flask-SimpleLDAP)
+## Configuration
+| Setting                          | Description                                                                                                                                               |
+|----------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `LDAP_HOST`                      | The host name or IP address of your LDAP server. Default: `"localhost"`.                                                                                  |
+| `LDAP_PORT`                      | The port number of your LDAP server. Default: `389`.                                                                                                      |
+| `LDAP_SCHEMA`                    | The LDAP schema to use between `"ldap"`, `"ldapi"` and `"ldaps"`. Default: `"ldap"`.                                                                      |
+| `LDAP_SOCKET_PATH`               | If `LDAP_SCHEMA` is set to `"ldapi"`, the path to the Unix socket path. Default: `"/"`.                                                                   |
+| `LDAP_USERNAME`                  | **Required**: The username used to bind.                                                                                                                  |
+| `LDAP_PASSWORD`                  | **Required**: The password used to bind.                                                                                                                  |
+| `LDAP_TIMEOUT`                   | How long (seconds) a connection can take to be opened before timing out. Default: `10`.                                                                   |
+| `LDAP_LOGIN_VIEW`                | Views decorated with `.login_required()` or`.group_required()` will redirect unauthenticated requests to this view. Default: `"login"`.                   |
+| `LDAP_REALM_NAME`                | Views decorated with `.basic_auth_required()` will use this as the "realm" part of HTTP Basic Authentication when responding to unauthenticated requests. |
+| `LDAP_OPENLDAP`                  | Set to `True` if your server is running OpenLDAP. Default: `False`.                                                                                       |
+| `LDAP_USE_SSL`                   | Set to `True` if your server uses SSL. Default: `False`.                                                                                                  |
+| `LDAP_USE_TLS`                   | Set to `True` if your server uses TLS. Default: `False`.                                                                                                  |
+| `LDAP_REQUIRE_CERT`              | Set to `True` if your server requires a certificate. Default: `False`.                                                                                    |
+| `LDAP_CERT_PATH`                 | Path to the certificate if `LDAP_REQUIRE_CERT` is `True`.                                                                                                 |
+| `LDAP_CUSTOM_OPTIONS`            | `dict` of ldap options you want to set in this format: `{option: value}`. Default: `None`.                                                                |
+| `LDAP_BASE_DN`                   | **Required**: The distinguished name to use as the search base.                                                                                           |
+| `LDAP_OBJECTS_DN`                | The field to use as the objects' distinguished name. Default: `"distinguishedName"`.                                                                      |
+| `LDAP_USER_FIELDS`               | `list` of fields to return when searching for a user's object details. Default: `[]` (all).                                                               |
+| `LDAP_USER_GROUPS_FIELD`         | The field to return when searching for a user's groups. Default: `"memberOf"`.                                                                            |
+| `LDAP_USER_OBJECT_FILTER`        | The filter to use when searching for a user object. Default: `"(&(objectclass=Person)(userPrincipalName=%s))"`                                            |
+| `LDAP_USERS_OBJECT_FILTER`       | The filter to use when searching for users objects. Default: `"objectclass=Person"`                                                                       |
+| `LDAP_GROUP_FIELDS`              | `list` of fields to return when searching for a group's object details. Default: `[]` (all).                                                              |
+| `LDAP_GROUP_MEMBER_FILTER`       | The group member filter to use when using OpenLDAP. Default: `"*"`.                                                                                       |
+| `LDAP_GROUP_MEMBER_FILTER_FIELD` | The group member filter field to use when using OpenLDAP. Default: `"*"`.                                                                                 |
+| `LDAP_GROUP_MEMBERS_FIELD`       | The field to return when searching for a group's members. Default: `"member"`.                                                                            |
+| `LDAP_GROUP_OBJECT_FILTER`       | The filter to use when searching for a group object. Default: `"(&(objectclass=Group)(userPrincipalName=%s))"`.                                           |
+| `LDAP_GROUPS_OBJECT_FILTER`      | The filter to use when searching for groups objects. Default: `"objectclass=Group"`.                                                                      |
