From 8ea339cb833d3dacd7148a55971d7ae762c004b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dipl=20Ing=2E=20P=C3=A9ter=20Varkoly?=
 <pvarkoly@cephalix.eu>
Date: Fri, 20 Sep 2024 11:14:02 +0200
Subject: [PATCH] Created LDAP authentication (markdown)

---
 LDAP-authentication.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 LDAP-authentication.md

diff --git a/LDAP-authentication.md b/LDAP-authentication.md
new file mode 100644
index 0000000..cde44e2
--- /dev/null
+++ b/LDAP-authentication.md
@@ -0,0 +1,19 @@
+# Enalbe LDAP Authentication
+The first step to enable LDAP authentication is the installation of the corresponding python module. Even if the python-ldap module is supported, we recommend the use of python-ldap3 as the further development is only based on this module.
+
+## Configure LDAP Authentication
+After installing the python ldap module you have to enable and confiugre it in the [auth] section of the configuration file of Radicale. Please note that anonymous bind is not supported. That means you have to provide a LDAP-account with read-rights to the user accounts. At the moment only SUBTREE searches are implemented. 
+
+Following parameter are available. No default values are provided that means you have to set all parameters:
+
+`type = ldap` 
+
+`ldap_uri` The URI to the LDAP-server. [ldap|ldaps]://<host>[:port]
+
+`ldap_base` The base DN from where the users must be searched for.
+
+`ldap_reader_dn` The DN of the LDAP account with read rights to the subtree from ldap_base
+
+`ldap_secret` The password of the ldap_reader_dn
+
+`ldap_filter` The ldap filter to find the DN of the login user. This filter must contain a python format string with placeholder(s) for the login: (&(objectClass=person)(cn={0}))
\ No newline at end of file