Add config changes for mutliple LDAP support (EE only)
parent
a7e071e982
commit
3cd5abf635
|
@ -134,44 +134,66 @@ production: &base
|
||||||
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
|
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
|
||||||
ldap:
|
ldap:
|
||||||
enabled: false
|
enabled: false
|
||||||
host: '_your_ldap_server'
|
servers:
|
||||||
port: 636
|
-
|
||||||
uid: 'sAMAccountName'
|
## provider_id
|
||||||
method: 'ssl' # "tls" or "ssl" or "plain"
|
#
|
||||||
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
|
# This identifier is used by GitLab to keep track of which LDAP server each
|
||||||
password: '_the_password_of_the_bind_user'
|
# GitLab user belongs to. Each LDAP server known to GitLab should have a unique
|
||||||
|
# provider_id. This identifier cannot be changed once users from the LDAP server
|
||||||
|
# have started logging in to GitLab.
|
||||||
|
#
|
||||||
|
# Format: one word, using a-z (lower case) and 0-9
|
||||||
|
# Example: 'paris' or 'uswest2'
|
||||||
|
|
||||||
# This setting specifies if LDAP server is Active Directory LDAP server.
|
provider_id: main
|
||||||
# For non AD servers it skips the AD specific queries.
|
|
||||||
# If your LDAP server is not AD, set this to false.
|
|
||||||
active_directory: true
|
|
||||||
|
|
||||||
# If allow_username_or_email_login is enabled, GitLab will ignore everything
|
## label
|
||||||
# after the first '@' in the LDAP username submitted by the user on login.
|
#
|
||||||
#
|
# A human-friendly name for your LDAP server. It is OK to change the label later,
|
||||||
# Example:
|
# for instance if you find out it is too large to fit on the web page.
|
||||||
# - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
|
#
|
||||||
# - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
|
# Example: 'Paris' or 'Acme, Ltd.'
|
||||||
#
|
|
||||||
# If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
|
|
||||||
# disable this setting, because the userPrincipalName contains an '@'.
|
|
||||||
allow_username_or_email_login: false
|
|
||||||
|
|
||||||
# Base where we can search for users
|
label: 'LDAP'
|
||||||
#
|
|
||||||
# Ex. ou=People,dc=gitlab,dc=example
|
|
||||||
#
|
|
||||||
base: ''
|
|
||||||
|
|
||||||
# Filter LDAP users
|
host: '_your_ldap_server'
|
||||||
#
|
port: 636
|
||||||
# Format: RFC 4515 http://tools.ietf.org/search/rfc4515
|
uid: 'sAMAccountName'
|
||||||
# Ex. (employeeType=developer)
|
method: 'ssl' # "tls" or "ssl" or "plain"
|
||||||
#
|
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
|
||||||
# Note: GitLab does not support omniauth-ldap's custom filter syntax.
|
password: '_the_password_of_the_bind_user'
|
||||||
#
|
|
||||||
user_filter: ''
|
|
||||||
|
|
||||||
|
# This setting specifies if LDAP server is Active Directory LDAP server.
|
||||||
|
# For non AD servers it skips the AD specific queries.
|
||||||
|
# If your LDAP server is not AD, set this to false.
|
||||||
|
active_directory: true
|
||||||
|
|
||||||
|
# If allow_username_or_email_login is enabled, GitLab will ignore everything
|
||||||
|
# after the first '@' in the LDAP username submitted by the user on login.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
|
||||||
|
# - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
|
||||||
|
#
|
||||||
|
# If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
|
||||||
|
# disable this setting, because the userPrincipalName contains an '@'.
|
||||||
|
allow_username_or_email_login: false
|
||||||
|
|
||||||
|
# Base where we can search for users
|
||||||
|
#
|
||||||
|
# Ex. ou=People,dc=gitlab,dc=example
|
||||||
|
#
|
||||||
|
base: ''
|
||||||
|
|
||||||
|
# Filter LDAP users
|
||||||
|
#
|
||||||
|
# Format: RFC 4515 http://tools.ietf.org/search/rfc4515
|
||||||
|
# Ex. (employeeType=developer)
|
||||||
|
#
|
||||||
|
# Note: GitLab does not support omniauth-ldap's custom filter syntax.
|
||||||
|
#
|
||||||
|
user_filter: ''
|
||||||
|
|
||||||
## OmniAuth settings
|
## OmniAuth settings
|
||||||
omniauth:
|
omniauth:
|
||||||
|
@ -299,6 +321,21 @@ test:
|
||||||
project_url: "http://redmine/projects/:issues_tracker_id"
|
project_url: "http://redmine/projects/:issues_tracker_id"
|
||||||
issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
|
issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
|
||||||
new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
|
new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
|
||||||
|
ldap:
|
||||||
|
enabled: false
|
||||||
|
servers:
|
||||||
|
-
|
||||||
|
provider_id: main
|
||||||
|
label: ldap
|
||||||
|
host: 127.0.0.1
|
||||||
|
port: 3890
|
||||||
|
uid: 'uid'
|
||||||
|
method: 'plain' # "tls" or "ssl" or "plain"
|
||||||
|
base: 'dc=example,dc=com'
|
||||||
|
user_filter: ''
|
||||||
|
group_base: 'ou=groups,dc=example,dc=com'
|
||||||
|
admin_group: ''
|
||||||
|
sync_ssh_keys: false
|
||||||
|
|
||||||
staging:
|
staging:
|
||||||
<<: *base
|
<<: *base
|
||||||
|
|
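Review bot: The `method: 'ssl' # "tls" or "ssl" or "plain"` line in the new production `servers:` entry lists "plain" as an equal option with no caveat, and because each server entry now carries its own `method`, one directory can be left on an unencrypted connection while the others use SSL. With "plain" the bind_dn password and every user's login password cross the network in clear text, so I would add above that line `# 'plain' sends the bind password and user passwords unencrypted; use 'ssl' or 'tls' for any server that is not on localhost`. The test block's `method: 'plain'` against 127.0.0.1 can stay as it is. Separately, the provider_id comment says each server "should" have a unique id; whether duplicates or ids outside a-z/0-9 are rejected at load time is not visible on this page, so if the loader enforces it the comment could say "must". The `production: &base` block starts above the first hunk, so anything it sets before line 134 is not covered here.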