update ldap docs.

examples/ldap_auth.yml

@@ -6,14 +6,20 @@ token:
   issuer: Acme auth server
   expiration: 900
 ldap_auth:
+  # Addr is the hostname:port or ip:port
   addr: ldap.example.com:636
   # Setup tls connection method to be
   # "" or "none": the communication won't be encrypted
   # "always": setup LDAP over SSL/TLS
   # "starttls": sets StartTLS as the encryption method
   tls: always
+  # set to true to allow insecure tls
+  insecure_tls_skip_verify: false
+  # In case bind DN and password is required for querying user information,
+  # specify them here. Plain text password is read from the file.
   bind_dn:
   bind_password_file:
+  # User query settings. ${account} is expanded from auth request 
   base: o=example.com
   filter: (&(uid=${account})(objectClass=person))
 acl:

examples/reference.yml

@@ -61,15 +61,22 @@ google_auth:
 # Authentication is performed by first binding to the server, looking up the user entry
 # by using the specified filter, and then re-binding using the matched DN and the password provided.
 ldap_auth:
-  addr: "ldap.example.com:389"
-  tls: true
+  # Addr is the hostname:port or ip:port
+  addr: ldap.example.com:636
+  # Setup tls connection method to be
+  # "" or "none": the communication won't be encrypted
+  # "always": setup LDAP over SSL/TLS
+  # "starttls": sets StartTLS as the encryption method
+  tls: always
+  # set to true to allow insecure tls
+  insecure_tls_skip_verify: false
   # In case bind DN and password is required for querying user information,
   # specify them here. Plain text password is read from the file.
   bind_dn:
   bind_password_file:
   # User query settings. ${account} is expanded from auth request 
-  base: "o=example.com"
-  filter: "(&(uid=${account})(objectClass=person))"
+  base: o=example.com
+  filter: (&(uid=${account})(objectClass=person))
 
 mongo_auth:
   # Essentially all options are described here: https://godoc.org/gopkg.in/mgo.v2#DialInfo