Some more documentation

plugins_auth_ldap.md

@@ -3,7 +3,7 @@ This plugin provides authentification over LDAP.
 
 * [Configuration](#configuration)
   * [Set up password hash](#set-up-password-hash)
-  * [Set up SSL (LDAPS)](#set-up-ssl)
+  * [Set up SSL (LDAPS)](#set-up-ssl-ldap-over-ssl)
 
 
 ## Configuration
@@ -60,4 +60,54 @@ If you use selfsigned certificates you can also specify your CA by setting
 ca_cert = "/etc/ssl/my-ca.crt"
 ```
 
-### 
+### Set object classes for new entries
+The default object class set is `inetOrgPerson`, but you can override it using
+```toml
+[auth_ldap]
+# ...
+object_classes = [
+  "inetOrgPerson",
+  "posixAccount"
+]
+```
+
+### Set attributes for new entries
+By default Flaschengeist only sets attributes used by itself, but you specify other attributes as well.
+Default:
+* `sn`
+* `givenName`
+* `uid`
+* `userPassword`
+* `mail`
+* `display_name`
+
+To specify other attributes add this to you configuration:
+```toml
+[auth_ldap]
+# ...
+  [auth_ldap.user_attributes]
+  # e.g. setting a primary group for new users
+  gidNumber = 1001
+  homeDirectory = "/home/{userid}"
+  loginShell = "/bin/bash"
+  uidNumber = "1000+"
+```
+A special attribute is `uidNumber`, specifying a "X+" does mean to use an incrementing generator starting at 1000 (or highest uidNumber in active directory).
+
+And as you can see you can use placeholders, valid ones:
+* `userid`
+* `display_name`
+* `firstname`
+* `lastname`
+* `mail`
+* `birthday`
+
+### Set DN for new entries
+You can specify a DN template if your user schema requires it, the default one is:
+```ldap
+uid={userid},{base_dn}
+```
+To specify a different template use:
+```toml
+dn_template = "cn={user.firstname} {user.lastname},ou=user,{base_dn}"
+```