Greenlight-v2.5.5 LDAP changes

_posts/2019-04-15-gl-config.md

@@ -266,8 +266,34 @@ Greenlight is able to authenticate users using an external LDAP server. To conne
 
 > `LDAP_BIND_DN` is the default account to use for user lookup.
 
+> `LDAP_AUTH` is the preferred authentication method. (See below)
+
 > `LDAP_PASSWORD` is the password for the account to perform user lookup.
 
+> `LDAP_ROLE_FIELD` is the name of the attribute that contains the user role. (Optional)
+
+> `LDAP_FILTER` is the filter which can be used to only allow a specific subset of users to authenticate. (Optional)
+
+#### LDAP_AUTH
+
+When setting the authentication method, there are currently 3 options:
+- `"simple"`: Uses the account set in `LDAP_BIND_DN` to look up users
+- `"user"`: Uses the user's own credentials to search for his data, enabling authenticated login to LDAP without the need for a user with global read privileges.
+- `"anonymous"`: Enables an anonymous bind to the LDAP with no password being used.
+
+#### LDAP_ROLE_FIELD
+
+Greenlight can automatically assign a matching role to a user based on their role in the LDAP Server. To do that:
+- Create a role in Greenlight with the **exact** same name as the LDAP role
+- Set the role permissions for the newly created role
+- Repeat for all possible roles
+- Set `LDAP_ROLE_FIELD` equal to the name of the attribute that stores the role
+- Restart Greenlight
+
+Once you have signed in with that user, they will automatically be given the Greenlight role that matches their LDAP role.
+
+#### Example Setup
+
 Here are some example settings using an [OpenLDAP](http://www.openldap.org/) server.
 
 ```
@@ -276,8 +302,11 @@ LDAP_PORT=389
 LDAP_METHOD=plain
 LDAP_UID=uid
 LDAP_BASE=dc=example,dc=org
+LDAP_AUTH=simple
 LDAP_BIND_DN=cn=admin,dc=example,dc=org
 LDAP_PASSWORD=password
+LDAP_ROLE_FIELD=userRole
+LDAP_FILTER=(&(attr1=value1)(attr2=value2))
 ```
 
 If your server is still running you will need to recreate the container for changes to take effect.