mod_auth_ldap: Change default of ldap_scope from onelevel to subtree which seems to match many deployments
--- a/mod_auth_ldap/README.markdown Sun Dec 20 18:58:09 2015 +0100
+++ b/mod_auth_ldap/README.markdown Sun Dec 20 21:55:49 2015 +0100
@@ -37,7 +37,7 @@
ldap\_rootdn The distinguished name to auth against `"" (anonymous)`
ldap\_password Password for rootdn `""`
ldap\_filter Search filter, with `$user` and `$host` substituded for user- and hostname `"(uid=$user)"`
- ldap\_scope Search scope. other values: "base" and "subtree" `"onelevel"`
+ ldap\_scope Search scope. other values: "base" and "onelevel" `"subtree"`
ldap\_tls Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. `false`
ldap\_mode How passwords are validated. `"bind"`
--- a/mod_auth_ldap/mod_auth_ldap.lua Sun Dec 20 18:58:09 2015 +0100
+++ b/mod_auth_ldap/mod_auth_ldap.lua Sun Dec 20 21:55:49 2015 +0100
@@ -9,7 +9,7 @@
local ldap_rootdn = module:get_option_string("ldap_rootdn", "");
local ldap_password = module:get_option_string("ldap_password", "");
local ldap_tls = module:get_option_boolean("ldap_tls");
-local ldap_scope = module:get_option_string("ldap_scope", "onelevel");
+local ldap_scope = module:get_option_string("ldap_scope", "subtree");
local ldap_filter = module:get_option_string("ldap_filter", "(uid=$user)"):gsub("%%s", "$user", 1);
local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap");
local ldap_mode = module:get_option_string("ldap_mode", "bind");