kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Update ldap#security section

Browse source
This commit is contained in:
George Koltsov 2019-08-02 06:32:03 +00:00 committed by Evan Read
parent 919ff57611
commit 3519111296
1 changed files with 10 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
doc/administration/auth/ldap.md
View file

@ -33,15 +33,18 @@ information services over an Internet Protocol (IP) network.
## Security
GitLab assumes that LDAP users are not able to change their LDAP 'mail', 'email'
or 'userPrincipalName' attribute. An LDAP user who is allowed to change their
email on the LDAP server can potentially
[take over any account](#enabling-ldap-sign-in-for-existing-gitlab-users)
on your GitLab server.
GitLab assumes that LDAP users:
- Are not able to change their LDAP `mail`, `email`, or `userPrincipalName` attribute.
An LDAP user who is allowed to change their email on the LDAP server can potentially
[take over any account](#enabling-ldap-sign-in-for-existing-gitlab-users)
on your GitLab server.
- Have unique email addresses, otherwise it is possible for LDAP users with the same
email address to share the same GitLab account.
We recommend against using LDAP integration if your LDAP users are
allowed to change their 'mail', 'email' or 'userPrincipalName' attribute on
the LDAP server.
allowed to change their 'mail', 'email' or 'userPrincipalName' attribute on
the LDAP server or share email addresses.
### User deletion