From 3bfb4a67e3492ed75f40136d4b62d1b5d73d0f65 Mon Sep 17 00:00:00 2001 From: Dan Scott Date: Thu, 8 Mar 2012 13:36:04 -0500 Subject: [PATCH] Add id_attr LDAP attribute to opensrf.xml.example Also add a Release Notes entry for the authentication proxy service. Signed-off-by: Dan Scott Signed-off-by: Dan Wells --- Open-ILS/examples/opensrf.xml.example | 1 + docs/RELEASE_NOTES_2_2.txt | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/Open-ILS/examples/opensrf.xml.example b/Open-ILS/examples/opensrf.xml.example index 82c55e7bb4..ea6f18b397 100644 --- a/Open-ILS/examples/opensrf.xml.example +++ b/Open-ILS/examples/opensrf.xml.example @@ -393,6 +393,7 @@ vim:et:ts=4:sw=4: name.domain.com ou=people,dc=domain,dc=com cn=username,ou=specials,dc=domain,dc=com + uid my_ldap_password_for_authid_user staff diff --git a/docs/RELEASE_NOTES_2_2.txt b/docs/RELEASE_NOTES_2_2.txt index 036eef9173..ecd0808248 100644 --- a/docs/RELEASE_NOTES_2_2.txt +++ b/docs/RELEASE_NOTES_2_2.txt 
@@ -98,6 +98,27 @@ may be particularly useful for libraries that have defined one set of copy locations at the consortial level and want to enable quick keyboard navigation to copy locations by typing just the first letters of the copy location. +Authentication proxy +~~~~~~~~~~~~~~~~~~~~ +To support integration of Evergreen with organizational authentication systems, +and to reduce the proliferation of user names and passwords, Evergreen offers +a new service called `open-ils.auth_proxy`. If you enable the service, +`open-ils.auth_proxy` supports different authentication mechanisms +that implement the `authenticate` method. You can define a chain of these +authentication mechanisms to be tried in order within the `` +element of the `opensrf.xml` configuration file, with the option of falling +back to the `native` mode that uses Evergreen's internal method of password +authentication. + +This service only provides authentication; there is no support for automatic +provisioning of accounts. To authenticate against any authentication system, +the user account must first be defined within the Evergreen system, and +authentication will be based on the user name as it exists in Evergreen. + +A sample authentication mechanism for LDAP is provided in +`Open-ILS::Application::AuthProxy::LDAP_AUTH`, and corresponding sample +attributes can be found in `opensrf.xml.example`. + Reports ~~~~~~~ -- 2.43.2
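Review bot: In the Open-ILS/examples/opensrf.xml.example hunk (@@ -393,6 +393,7), the added `uid` value has no accompanying comment saying what it is compared against. The release note added in this same patch says authentication is "based on the user name as it exists in Evergreen", so the example should state that this is the LDAP attribute whose value must equal that Evergreen user name, and whether the setting is optional and what is used when it is omitted. Since the lookup runs under the subtree shown two lines above it (ou=people,dc=domain,dc=com), it is also worth a sentence telling administrators to choose an attribute that is unique within that subtree, so that one Evergreen user name cannot resolve to more than one directory entry.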
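Review bot: In the docs/RELEASE_NOTES_2_2.txt hunk (@@ -98,6 +98,27), the sentence about "falling back to the `native` mode" does not say under which condition the chain moves on to the next mechanism: only when the LDAP server cannot be reached, or also when it rejects the credentials. That difference matters to anyone deploying this to "reduce the proliferation of user names and passwords", because if a rejected LDAP login falls through to `native`, the password stored in Evergreen remains valid for an account that has been locked or had its password changed in the directory. Please document the fall-through condition and note that leaving `native` out of the chain is what makes the external system authoritative. The entry also never mentions the `id_attr` attribute that the subject line says this commit adds; a short sentence tying it to "the user name as it exists in Evergreen" would connect the two files.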