
Commit f252a3c

minor #9307 Clarification on search user (woofiewilly, javiereguiluz)
This PR was merged into the 2.8 branch.

Discussion
----------

Clarification on search user

I had issues with configuration because I misunderstood the configuration for the user provider. I didn't realize that the configured user was actually a static one only used for retrieving information. I also added a clarification for the case that you are getting information anonymously, which was what my situation required.

These changes are relevant for Symfony 2.8+ (2.8 being the oldest maintained version I checked)

Also, I added a note on keeping the password out of VC by using a parameter, but in Symfony 4 this should be an environment variable instead. I'm not sure how I'm supposed to propose the change for this slight difference once hitting that version.

Commits
-------

b7a2009 Minor reword
f08eab2 Clarification on search user
2 parents ac45677 + b7a2009 commit f252a3c

1 file changed

+9
-0
lines changed

security/ldap.rst

@@ -173,6 +173,15 @@ use the ``ldap`` user provider.
173173
provider is used. However, the LDAP component itself does not provide
174174
any escaping yet. Thus, it's your responsibility to prevent LDAP injection
175175
attacks when using the component directly.
176+
177+
.. caution::
178+
179+
The user configured above in the the user provider is only used to retrieve
180+
data. It's a static user defined by its username and password (for improved
181+
security, define the password as an environment variable).
182+
183+
If your LDAP server allows to retrieve information anonymously, you can
184+
set the ``search_dn`` and ``search_password`` options to ``null``.
176185

177186
The ``ldap`` user provider supports many different configuration options:
178187
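Review bot: added line 179 has a doubled word, "in the the user provider"; drop one "the". At added line 183, "allows to retrieve information anonymously" reads better as "allows retrieving information anonymously". The first paragraph refers to "the user configured above" without naming the options, while the second paragraph names ``search_dn`` and ``search_password``; naming them in the first paragraph as well would make it clear that these two options define the static search user. The caution recommends an environment variable for the password, whereas the commit message says the note was about using a parameter and that an environment variable applies to Symfony 4; since this is merged into the 2.8 branch, it is worth confirming that the wording matches what that branch supports.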
