
Merge pull request #1080 from bellwood/patch-2

Enhance LDAP documentation
Jeremy Stretch 8 years ago
parent
commit
b032bc13db
1 changed files with 21 additions and 0 deletions
  1. 21 0
      docs/installation/ldap.md

+ 21 - 0
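--- a/docs/installation/ldap.md
+++ b/docs/installation/ldap.md
@@ -49,6 +49,8 @@ AUTH_LDAP_BIND_PASSWORD = "demo"
 #     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
 LDAP_IGNORE_CERT_ERRORS = True
 ```
+!!! info
+    When using Windows Server 2012 you may need to specify a port on AUTH_LDAP_SERVER_URI - 3269 for secure, 3268 for non-secure.
 
 ## User Authentication
 
@@ -70,6 +72,8 @@ AUTH_LDAP_USER_ATTR_MAP = {
     "last_name": "sn"
 }
 ```
+!!! info
+    When using Windows Server 2012 AUTH_LDAP_USER_DN_TEMPLATE should be set to None.
 
 # User Groups for Permissions
 
@@ -99,3 +103,20 @@ AUTH_LDAP_FIND_GROUP_PERMS = True
 AUTH_LDAP_CACHE_GROUPS = True
 AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
 ```
+
+!!! info
+"is_active" - You must map all users to at least this group if you want their account to be treated as enabled. Without this, your users cannot log in.
+
+"is_staff" - Users mapped to this group are enabled for access to the Administration tools; this is the equivalent of checking the "Staff status" box on a manually created user. This doesn't necessarily imply additional privileges, which still needed to be assigned via a group, or on a per-user basis.
+
+"is_superuser" - Users mapped to this group in addition to the "is_staff" group will be assumed to have full permissions to all modules. Without also being mapped to "is_staff", this group observably has no impact to your effective permissions.
+
+!!! info
+It is also possible map user attributes to Django attributes:
+
+```no-highlight
+AUTH_LDAP_USER_ATTR_MAP = {
+"first_name": "givenName",
+"last_name": "sn"
+}
+```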