Update README

README.md

@@ -19,6 +19,7 @@ glapi -config glapi.env
 ```
 LISTEN="0.0.0.0:8443"
 LDAP_HOST="ldap://ldap.example.org"
+# The base DN exposed to API. Could be buried in LDAP tree so we expose only a subset of directory.
 LDAP_BASE_DN="dc=example,dc=org"
 
 # This account search for valid user provided by authenticating client.
@@ -27,6 +28,9 @@ LDAP_BASE_DN="dc=example,dc=org"
 LDAP_USER="cn=ldapreaduser,dc=example,dc=org"
 LDAP_PASS='here_lies_the_password'
 
+# This base DN is where we seach for authenticating accounts. This way we can chose not to expose them to the API.
+LDAP_AUTH_BASE_DN="ou=users,dc=example,dc=org"
+
 # Https support
 HTTPS=true
 SSL_CERTIFICATE=/etc/ssl/certs/server.pem

glapi.env.sample

@@ -3,7 +3,7 @@ LDAP_HOST="ldap://ldap.example.org"
 # The base DN exposed to API. Could be buried in LDAP tree so we expose only a subset of directory.
 LDAP_BASE_DN="ou=configuration,dc=example,dc=org"
 
-# This account search for valid user provided by authenticating client.
+# This account search for valid users provided by authenticating clients.
 # Then glapi bind with client provided credentials to operate LDAP.
 # Thus this account only needs bind privilege, and read access to users organizational unit        
 LDAP_USER="cn=ldapreaduser,dc=example,dc=org"