From 31665f3fb0a9bebbad7f7dd085f29d48573a4c8d Mon Sep 17 00:00:00 2001
From: DenebTM <deneb@screee.ee>
Date: Sun, 11 Feb 2024 20:15:32 +0100
Subject: [PATCH] Update README

mention the requirement for anonymous LDAP search of search-base
---
 README.md | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 85f2802..4f4ff81 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,7 @@
 # factoriauth - an unofficial [Factorio](https://factorio.com) authentication server
 
 Let's say you and your friends are
+
 - on an oil rig,
 - in space, or
 - in the far future,
@@ -22,12 +23,12 @@ these custom users are properly authenticated.
 - server padlock generation (`POST /generate-server-padlock-2`)
 - `user_server_key` generation (`POST /generate-user-server-key-2`)
 - [user token generation](https://wiki.factorio.com/Web_authentication_API) and storage (`POST
-  /api-login`), without any actual authentication
-    - LDAP auth backend
+/api-login`)
+- LDAP authentication backend
 
 ### Planned
 
-- more auth backends: user file, PAM(?)
+- more authentication backends: user file, PAM(?)
 - server padlock proxying (to allow e.g. factorio.com users to join servers using a custom auth
   server)
 
@@ -43,6 +44,12 @@ these custom users are properly authenticated.
 
 Copy `config.toml.example` to `config.toml` and adjust as necessary.
 
+#### LDAP authentication backend notes
+
+Factoriauth first binds anonymously to the specified LDAP server in order to look up the login
+user's DN under `search-base`, thus permitting e.g. login via email. The LDAP server
+must be configured to allow this in order for Factoriauth to work correctly.
+
 ### Configuring clients/servers
 
 To use the auth server, the following snippet needs to be added to the clients' and servers'