From 1b1a320c8711825f71cba77ab611d303dc06dbda Mon Sep 17 00:00:00 2001
From: Nickolay Ponomarev <Nickolay.Ponomarev@glowbyteconsulting.com>
Date: Sat, 5 Oct 2019 04:52:35 +0300
Subject: [PATCH] Further improve the README

Note the default behavior of `LDAP_USER_OBJECT_FILTER`.

Compare the groups and the blueprints examples, and note that the
groups examples additionally shows how to use `@login_required` (this
was hard to find!)
---
 README.md | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 1546392..d9cd050 100644
--- a/README.md
+++ b/README.md
@@ -43,11 +43,18 @@ if __name__ == '__main__':
     app.run()
 ```
 
-You can take a look at [examples/groups](examples/groups) for a more complete 
-example using LDAP groups.
-
-You can also take a look at [examples/blueprints](examples/blueprints) for an 
-example using Flask's 
+When the user visits the protected URL, the browser will prompt for the
+login and password via the built-in HTTP authentication window. Note that
+with the default value of `LDAP_USER_OBJECT_FILTER` the login is expected
+to match the [`userPrincipalName` attribute](https://ldapwiki.com/wiki/UserPrincipalName)
+of the LDAP user, e.g. `me@mydomain.com`.
+
+Once you get the basic example working, check out the more complex ones:
+
+* [examples/groups](examples/groups) demostrates using:
+  * `@ldap.login_required` for form/cookie-based auth, instead of basic HTTP authentication.
+  * `@ldap.group_required()` to restrict access to pages based on the user's LDAP groups.
+* [examples/blueprints](examples/blueprints) implements the same functionality, but uses Flask's 
 [application factories](http://flask.pocoo.org/docs/patterns/appfactories/) 
 and [blueprints](http://flask.pocoo.org/docs/blueprints/).
 
-- 
GitLab