From b732f8c585357d5604151d350bd45712b2c936d8 Mon Sep 17 00:00:00 2001
From: Vladimir Homutov <vl.homutov@gmail.com>
Date: Mon, 25 Dec 2017 12:13:49 +0300
Subject: [PATCH] Fixed LDAP name of the "sAMAccountName" attribute.

The correct name starts with the lowercase 's'.

https://msdn.microsoft.com/en-us/library/ms679635
---
 README.md            | 2 +-
 nginx-ldap-auth.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index f5cf44e..4b45ef7 100644
--- a/README.md
+++ b/README.md
@@ -103,7 +103,7 @@ For detailed instructions, see [Configuring the Reference Implementation](https:
 If the authentication server runs Active Directory rather than OpenLDAP, uncomment the following directive as shown:
 
 ```
-proxy_set_header X-Ldap-Template "(SAMAccountName=%(username)s)";
+proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)";
 ```
 
 In addition, the **X-Ldap-Template** header can be used to create complex LDAP searches. The code in ldap-auth-daemon creates a search filter that is based on this template header. By default, template is empty, and does not make any effect on LDAP search. However, you may decide for instance to authenticate only users from a specific user group (see LDAP documentation for more information regarding filters).
diff --git a/nginx-ldap-auth.conf b/nginx-ldap-auth.conf
index e60ef8d..23b20bb 100644
--- a/nginx-ldap-auth.conf
+++ b/nginx-ldap-auth.conf
@@ -93,7 +93,7 @@ http {
 
             # (Required if using Microsoft Active Directory as the LDAP server)
             # Set the LDAP template by uncommenting the following directive.
-            #proxy_set_header X-Ldap-Template "(SAMAccountName=%(username)s)";
+            #proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)";
 
             # (Optional if using OpenLDAP as the LDAP server) Set the LDAP
             # template by uncommenting the following directive and replacing
-- 
GitLab