From 3cd5abf635d32af0aed5f4160707ee3e10938ab6 Mon Sep 17 00:00:00 2001
From: Jan-Willem van der Meer <mail@jewilmeer.nl>
Date: Mon, 13 Oct 2014 13:48:22 +0200
Subject: [PATCH] Add config changes for mutliple LDAP support (EE only)

---
 config/gitlab.yml.example | 103 ++++++++++++++++++++++++++------------
 1 file changed, 70 insertions(+), 33 deletions(-)

diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 857643c006e..9302dca4ed8 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -134,44 +134,66 @@ production: &base
   #   bundle exec rake gitlab:ldap:check RAILS_ENV=production
   ldap:
     enabled: false
-    host: '_your_ldap_server'
-    port: 636
-    uid: 'sAMAccountName'
-    method: 'ssl' # "tls" or "ssl" or "plain"
-    bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
-    password: '_the_password_of_the_bind_user'
+    servers:
+      -
+        ## provider_id
+        #
+        # This identifier is used by GitLab to keep track of which LDAP server each
+        # GitLab user belongs to. Each LDAP server known to GitLab should have a unique
+        # provider_id. This identifier cannot be changed once users from the LDAP server
+        # have started logging in to GitLab.
+        #
+        # Format: one word, using a-z (lower case) and 0-9
+        # Example: 'paris' or 'uswest2'
 
-    # This setting specifies if LDAP server is Active Directory LDAP server.
-    # For non AD servers it skips the AD specific queries.
-    # If your LDAP server is not AD, set this to false.
-    active_directory: true
+        provider_id: main
 
-    # If allow_username_or_email_login is enabled, GitLab will ignore everything
-    # after the first '@' in the LDAP username submitted by the user on login.
-    #
-    # Example:
-    # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
-    # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
-    #
-    # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
-    # disable this setting, because the userPrincipalName contains an '@'.
-    allow_username_or_email_login: false
+        ## label
+        #
+        # A human-friendly name for your LDAP server. It is OK to change the label later,
+        # for instance if you find out it is too large to fit on the web page.
+        #
+        # Example: 'Paris' or 'Acme, Ltd.'
 
-    # Base where we can search for users
-    #
-    #   Ex. ou=People,dc=gitlab,dc=example
-    #
-    base: ''
+        label: 'LDAP'
 
-    # Filter LDAP users
-    #
-    #   Format: RFC 4515 http://tools.ietf.org/search/rfc4515
-    #   Ex. (employeeType=developer)
-    #
-    #   Note: GitLab does not support omniauth-ldap's custom filter syntax.
-    #
-    user_filter: ''
+        host: '_your_ldap_server'
+        port: 636
+        uid: 'sAMAccountName'
+        method: 'ssl' # "tls" or "ssl" or "plain"
+        bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+        password: '_the_password_of_the_bind_user'
 
+        # This setting specifies if LDAP server is Active Directory LDAP server.
+        # For non AD servers it skips the AD specific queries.
+        # If your LDAP server is not AD, set this to false.
+        active_directory: true
+
+        # If allow_username_or_email_login is enabled, GitLab will ignore everything
+        # after the first '@' in the LDAP username submitted by the user on login.
+        #
+        # Example:
+        # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
+        # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
+        #
+        # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
+        # disable this setting, because the userPrincipalName contains an '@'.
+        allow_username_or_email_login: false
+
+        # Base where we can search for users
+        #
+        #   Ex. ou=People,dc=gitlab,dc=example
+        #
+        base: ''
+
+        # Filter LDAP users
+        #
+        #   Format: RFC 4515 http://tools.ietf.org/search/rfc4515
+        #   Ex. (employeeType=developer)
+        #
+        #   Note: GitLab does not support omniauth-ldap's custom filter syntax.
+        #
+        user_filter: ''
 
   ## OmniAuth settings
   omniauth:
@@ -299,6 +321,21 @@ test:
       project_url: "http://redmine/projects/:issues_tracker_id"
       issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
       new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
+  ldap:
+    enabled: false
+    servers:
+      -
+        provider_id: main
+        label: ldap
+        host: 127.0.0.1
+        port: 3890
+        uid: 'uid'
+        method: 'plain' # "tls" or "ssl" or "plain"
+        base: 'dc=example,dc=com'
+        user_filter: ''
+        group_base: 'ou=groups,dc=example,dc=com'
+        admin_group: ''
+        sync_ssh_keys: false
 
 staging:
   <<: *base