Formatting

raddb/mods-available/ldap

@@ -10,12 +10,14 @@ ldap {
 	#  certificate, if you're using ldaps.  See OpenLDAP documentation
 	#  for the behavioral semantics of specifying more than one host.
 	#
-	#  Depending on the libldap in use, server may be an LDAP URI.
-	#  In the case of OpenLDAP this allows additional the following
+	#  Depending on the libldap in use, server may be specified as an LDAP
+	#  URI.  In the case of OpenLDAP this allows additional the following
 	#  additional schemes:
-	#  - ldaps:// (LDAP over SSL)
-	#  - ldapi:// (LDAP over Unix socket)
-	#  - ldapc:// (Connectionless LDAP)
+	#
+	#    - ldaps:// (LDAP over SSL)
+	#    - ldapi:// (LDAP over Unix socket)
+	#    - ldapc:// (Connectionless LDAP)
+	#
 	server = 'localhost'
 #	server = 'ldap.rrdns.example.org'
 #	server = 'ldap.rrdns.example.org'
@@ -71,13 +73,13 @@ ldap {
 	#  mapped attributes.
 	#
 	#  Values should be in the format:
-	#  	<radius attr> <op> <value>
+	#  	<fr attr> <op> <value>
 	#
 	#  Where:
-	#  	<radius attr>:	Is the attribute you wish to create
+	#  	<fr attr>:	Is the attribute you wish to create,
 	# 			with any valid list and request qualifiers.
 	#  	<op>: 		Is any assignment operator (=, :=, +=, -=).
-	#  	<value>:	Is the value to parse into the new valuepair.
+	#  	<value>:	Is the value to parse into the new attribute.
 	# 			If the value is wrapped in double quotes it
 	#			will be xlat expanded.
 #	valuepair_attribute = 'radiusAttribute'
@@ -91,24 +93,24 @@ ldap {
 	#  unlang constructs in module configuration files.
 	#
 	#  Configuration items are in the format:
-	# 	<radius attr> <op> <ldap attr>
+	# 	<fr attr> <op> <ldap attr>
 	#
 	#  Where:
-	#  	<radius attr>:	Is the destination RADIUS attribute
+	#  	<fr attr>:	Is the destination RADIUS attribute
 	# 			with any valid list and request qualifiers.
 	#  	<op>: 		Is any assignment attribute (=, :=, +=, -=).
 	#  	<ldap attr>:	Is the attribute associated with user or
 	#			profile objects in the LDAP directory.
 	# 			If the attribute name is wrapped in double
 	# 			quotes it will be xlat expanded.
 	#
-	#  Request and list qualifiers may also be placed after the 'update'
-	#  section name to set defaults destination requests/lists
-	#  for unqualified RADIUS attributes.
+	#  Request and list qualifiers may be placed after the 'update'
+	#  section name to set default destination requests/lists
+	#  for <fr attr>s with no list qualifiers.
 	#
 	#  Note: LDAP attribute names should be single quoted unless you want
-	#  the name value to be derived from an xlat expansion, or an
-	#  attribute ref.
+	#  the name to be derived from an xlat expansion, or an attribute ref.
+	#
 	update {
 		control:Password-With-Header	+= 'userPassword'
 #		control:NT-Password		:= 'ntPassword'
@@ -181,15 +183,19 @@ ldap {
 
 		#  Server side result sorting
 		#
-		#  A list of space delimited attributes to order the result
-		#  set by, if the filter matches multiple objects.
-		#  Only the first result in the set will be processed.
+		#  A list of space delimited attributes to order the result set by.
+		#
+		#  If the filter matches multiple objects only the first
+		#  result will be processed.
 		#
 		#  If the attribute name is prefixed with a hyphen '-' the
 		#  sorting order will be reversed for that attribute.
 		#
 		#  If sort_by is set, and the server does not support sorting
 		#  the search will fail.
+		#
+		#  If a search returns multiple user objects and sort_by is not
+		#  set, the search will fail.
 #		sort_by = '-uid'
 
 		#  If this is undefined, anyone is authorised.
@@ -208,8 +214,8 @@ ldap {
 		#  'no' and the access_attribute is present, then
 		#  access will not be allowed.
 		#
-		#  If the value of the access_attribute is 'false', it
-		#  will negate the result.
+		#  If the value of the retrieved access_attribute is
+		#  'false', it will negate the result.
 		#
 		#  e.g.
 		#    access_positive = yes