Update README

mention the requirement for anonymous LDAP search of search-base
2024-02-11 20:15:32 +01:00 · 2024-02-11 20:15:32 +01:00 · 31665f3fb0
parent e913de5e8d
commit 31665f3fb0
1 changed files with 10 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,7 @@
 # factoriauth - an unofficial [Factorio](https://factorio.com) authentication server

 Let's say you and your friends are
+
 - on an oil rig,
 - in space, or
 - in the far future,
@ -22,12 +23,12 @@ these custom users are properly authenticated.
 - server padlock generation (`POST /generate-server-padlock-2`)
 - `user_server_key` generation (`POST /generate-user-server-key-2`)
 - [user token generation](https://wiki.factorio.com/Web_authentication_API) and storage (`POST
-  /api-login`), without any actual authentication
-    - LDAP auth backend
+/api-login`)
+- LDAP authentication backend

 ### Planned

- more auth backends: user file, PAM(?)
+- more authentication backends: user file, PAM(?)
 - server padlock proxying (to allow e.g. factorio.com users to join servers using a custom auth
  server)

@ -43,6 +44,12 @@ these custom users are properly authenticated.

 Copy `config.toml.example` to `config.toml` and adjust as necessary.

+#### LDAP authentication backend notes
+
+Factoriauth first binds anonymously to the specified LDAP server in order to look up the login
+user's DN under `search-base`, thus permitting e.g. login via email. The LDAP server
+must be configured to allow this in order for Factoriauth to work correctly.
+
 ### Configuring clients/servers

 To use the auth server, the following snippet needs to be added to the clients' and servers'