Merge pull request #310 from haiwen/add-ldap_role_list_mapping

add ldap_role_list_mapping
haiwen · Jul 24, 2024 · edc52df · edc52df
2 parents b8f6d86 + 58fff76
commit edc52df
Showing 1 changed file with 19 additions and 3 deletions.
diff --git a/manual/deploy_pro/ldap_in_11.0.md b/manual/deploy_pro/ldap_in_11.0.md
@@ -407,19 +407,35 @@ To enable this feature, add below option to `seahub_settings.py`, e.g.
 LDAP_USER_ROLE_ATTR = 'title'
 ```
 
-`LDAP_USER_ROLE_ATTR` is the attribute field to configure roles in LDAP. We provide a user-defined function to map the role：Create `custom_functions.py` under conf/ and edit it like:
+`LDAP_USER_ROLE_ATTR` is the attribute field to configure roles in LDAP. You can write a custom function to map the role by creating a file `custom_functions.py` under conf/ and edit it like:
 
 ```python
 # -*- coding: utf-8 -*-
 
-
+# The AD roles attribute returns a list of roles (role_list).
+# The following function use the first entry in the list.
 def ldap_role_mapping(role):
     if 'staff' in role:
         return 'Staff'
     if 'guest' in role:
         return 'Guest'
     if 'manager' in role:
         return 'Manager'
+
+# From version 11.0.11-pro, you can define the following function
+# to calculate a role from the role_list.
+def ldap_role_list_mapping(role_list):
+    if not role_list:
+        return ''
+    for role in role_list:
+        if 'staff' in role:
+            return 'Staff'
+        if 'guest' in role:
+            return 'Guest'
+        if 'manager' in role:
+            return 'Manager'
 ```
 
-You can rewrite this function (in python) to make your own mapping rules. If the file or function doesn't exist, all roles in `LDAP_USER_ROLE_ATTR` will be synced.
+Note: You should only define one of the two functions.
+
+You can rewrite the function (in python) to make your own mapping rules. If the file or function doesn't exist, the first entry in role_list will be synced.