From 0c3745a59238f47eca8a89c198ca70ff2f63f3ec Mon Sep 17 00:00:00 2001
From: Thomas Hackl <thomas.hackl@uni-passau.de>
Date: Thu, 28 Nov 2013 10:28:27 +0100
Subject: [PATCH] Better documentation in README

---
 README.md | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index bc8260c..8f95b4a 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,22 @@
-LDAP password expiry checker
-============================
+# LDAP password expiry checker
+LDAP Users must change their password regularly according to the password policy.
 
-LDAP Users must change their password regularly according to the password
-policy.
+When the old password isn't valid anymore but hasn't been changed yet, there's a grace period of six logins before the account is suspended. The plugin shows a reminder before password expiration and another reminder if only less than six logins remain before account suspension because of password expiration.
 
-When the old password isn't valid anymore but hasn't been changed yet, there's
-a grace period of six logins before the account is suspended. The plugin shows
-a reminder before password expiration and another reminder if only less than
-six logins remain before account suspension because of password expiration.
+##Configuration
+The Plugin provides six entries in Stud.IP global configuration, all in the section 'ldappasswordexpiryplugin':
+- *LDAPPASSWORDEXPIRYPLUGIN_AUTHPLUGINS*
+  Comma-separated list of Stud.IP auth plugins that shall be monitored by this plugin.
+- *LDAPPASSWORDEXPIRYPLUGIN_GRACELOGINATTRIBUTE*
+  Name of the LDAP attribute that is used for storing how many grace logins remain until the account is suspended after password expiration. Leave empty if not applicable.
+  Default is "loginGraceRemaining".
+- *LDAPPASSWORDEXPIRYPLUGIN_LOGINLIMITATTRIBUTE*
+  Name of the LDAP attribute that stores the number of grace logins a user has after password expiration. Leave empty if not applicable.
+  Default is "loginGraceLimit".
+- *LDAPPASSWORDEXPIRYPLUGIN_PASSWORDCHANGEURL*
+  URL of a website where users can change their current password. Leave empty if not applicable.
+- *LDAPPASSWORDEXPIRYPLUGIN_PASSWORDEXPIRYATTRIBUTE*
+  Name of the LDAP attribute that shows the password expiry date.
+- *LDAPPASSWORDEXPIRYPLUGIN_WARNINGDAYSBEFORE*
+  How many days before password expiration shall the warning message appear?
+  Default is 7 (one week).
-- 
GitLab