2 files changed, 24 insertions, 19 deletions

diff --git a/config/config.exs b/config/config.exs
index cd9a2539f..47ddfac5a 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -612,14 +612,17 @@ config :pleroma, Pleroma.Formatter,
 
 config :pleroma, :ldap,
   enabled: System.get_env("LDAP_ENABLED") == "true",
-  host: System.get_env("LDAP_HOST") || "localhost",
-  port: String.to_integer(System.get_env("LDAP_PORT") || "389"),
+  host: System.get_env("LDAP_HOST", "localhost"),
+  port: String.to_integer(System.get_env("LDAP_PORT", "389")),
   ssl: System.get_env("LDAP_SSL") == "true",
   sslopts: [],
   tls: System.get_env("LDAP_TLS") == "true",
   tlsopts: [],
-  base: System.get_env("LDAP_BASE") || "dc=example,dc=com",
-  uid: System.get_env("LDAP_UID") || "cn"
+  base: System.get_env("LDAP_BASE", "dc=example,dc=com"),
+  uid: System.get_env("LDAP_UID", "cn"),
+  # defaults to CAStore's Mozilla roots
+  cacertfile: System.get_env("LDAP_CACERTFILE", nil),
+  mail: System.get_env("LDAP_MAIL", "mail")
 
 oauth_consumer_strategies =
   System.get_env("OAUTH_CONSUMER_STRATEGIES")
diff --git a/config/description.exs b/config/description.exs
index 15faecb38..47f4771eb 100644
--- a/config/description.exs
+++ b/config/description.exs
@@ -2241,15 +2241,9 @@ config :pleroma, :config_description, [
         label: "SSL options",
         type: :keyword,
         description: "Additional SSL options",
-        suggestions: [cacertfile: "path/to/file/with/PEM/cacerts", verify: :verify_peer],
+        suggestions: [verify: :verify_peer],
         children: [
           %{
-            key: :cacertfile,
-            type: :string,
-            description: "Path to file with PEM encoded cacerts",
-            suggestions: ["path/to/file/with/PEM/cacerts"]
-          },
-          %{
             key: :verify,
             type: :atom,
             description: "Type of cert verification",
@@ -2268,15 +2262,9 @@ config :pleroma, :config_description, [
         label: "TLS options",
         type: :keyword,
         description: "Additional TLS options",
-        suggestions: [cacertfile: "path/to/file/with/PEM/cacerts", verify: :verify_peer],
+        suggestions: [verify: :verify_peer],
         children: [
           %{
-            key: :cacertfile,
-            type: :string,
-            description: "Path to file with PEM encoded cacerts",
-            suggestions: ["path/to/file/with/PEM/cacerts"]
-          },
-          %{
             key: :verify,
             type: :atom,
             description: "Type of cert verification",
@@ -2292,11 +2280,25 @@ config :pleroma, :config_description, [
       },
       %{
         key: :uid,
-        label: "UID",
+        label: "UID Attribute",
         type: :string,
         description:
           "LDAP attribute name to authenticate the user, e.g. when \"cn\", the filter will be \"cn=username,base\"",
         suggestions: ["cn"]
+      },
+      %{
+        key: :cacertfile,
+        label: "CACertfile",
+        type: :string,
+        description: "Path to CA certificate file"
+      },
+      %{
+        key: :mail,
+        label: "Mail Attribute",
+        type: :string,
+        description:
+          "LDAP attribute name to use as the email address when automatically registering the user on first login",
+        suggestions: ["mail"]
       }
     ]
   },