Make sure you sudoers_base matches exactly with the location you specified
when you imported the sudoers. Below is an example /etc/ldap.conf
- # Either specify a URI or host and port.
- # If neither is specified sudo will default to localhost port 389.
+ # Either specify one or more URIs or one or more host:port pairs.
+ # If neither is specified sudo will default to localhost, port 389.
+ #
#host ldapserver
+ #host ldapserver1 ldapserver2:390
+ #
+ # Default port if host is specified without one, defaults to 389.
#port 389
#
- # URI will override host & port settings but only works with LDAP
- # SDK's that support ldap_initialize() such as OpenLDAP.
+ # URI will override the host and port settings.
uri ldap://ldapserver
#uri ldaps://secureldapserver
+ #uri ldaps://secureldapserver ldap://ldapserver
#
# must be set or sudo will ignore LDAP
sudoers_base ou=SUDOers,dc=example,dc=com
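Review bot: the new example line `#uri ldaps://secureldapserver ldap://ldapserver` puts a TLS URI next to a plain ldap:// one, but the comment above it ("URI will override the host and port settings.") does not say in what order multiple URIs are tried or what happens when the first one is unreachable. A reader copying that line cannot tell whether sudoers lookups may fall back to the unencrypted server. Suggest stating the ordering and failover behaviour in the comment, and either showing two ldaps:// URIs in the example or marking the mixed pair as a deliberate fallback. The same ordering question applies to `#host ldapserver1 ldapserver2:390`. Separately, the removed note about LDAP SDKs that support ldap_initialize() should only be dropped if that restriction no longer holds; if it still does, keep a one-line mention. Minor: the context line at the top reads "Make sure you sudoers_base", which should be "your".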
The following sources are recognized.
files read sudoers from a file (usually /etc/sudoers)
ldap read sudoers from LDAP
- compat behave as if no nsswitch.conf was present
I addition, the entry "[NOTFOUND=return]" will short-circuit the
search if the user was not found in the preceding source.
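Review bot: with the `compat` line dropped from the list under "The following sources are recognized.", the text no longer says how an existing nsswitch.conf that still lists `compat` is handled. Suggest adding a sentence on what happens to an unrecognized source (ignored, warned about, or treated as an error), since that decides which sudoers source ends up being consulted after an upgrade. While this paragraph is being touched, "I addition" in the context line that follows should read "In addition".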