From 66ccf2d9f64f8e0a13e7664daa971d001dd630fb Mon Sep 17 00:00:00 2001
From: Nick Thomas
Date: Fri, 13 Jan 2017 12:20:38 -0500
Subject: [PATCH] Document the `auto_link_ldap_user` setting
---
 doc/integration/omniauth.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md
index 4c933cef9b7..98a680d0dbe 100644
--- a/doc/integration/omniauth.md
+++ b/doc/integration/omniauth.md
@@ -41,6 +41,9 @@ that are in common for all providers that we need to consider.
 - `allow_single_sign_on` allows you to specify the providers you want to allow to automatically create an account. It defaults to `false`. If `false` users must be created manually or they will not be able to sign in via OmniAuth.
+- `auto_link_ldap_user` can be used if you have [LDAP / ActiveDirectory](ldap.md)
+ integration enabled. It defaults to false. When enabled, users automatically
+ created through OmniAuth will be linked to their LDAP entry as well.
 - `block_auto_created_users` defaults to `true`. If `true` auto created users will be blocked by default and will have to be unblocked by an administrator before they are able to sign in.
@@ -52,6 +55,10 @@ SAML, Shibboleth, Crowd or Google, or set it to `false` otherwise any user on the Internet will be able to successfully sign in to your GitLab without administrative approval.
+>**Note:**
+`auto_link_ldap_user` requires the `uid` of the user to be the same in both LDAP
+and the OmniAuth provider.
+
 To change these settings:
 * **For omnibus package**
@@ -72,6 +79,7 @@ To change these settings:
 # using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none.
 # User accounts will be created automatically when authentication was successful.
 gitlab_rails['omniauth_allow_single_sign_on'] = ['saml', 'twitter']
+ gitlab_rails['omniauth_auto_link_ldap_user'] = true
 gitlab_rails['omniauth_block_auto_created_users'] = true
 ```
@@ -99,6 +107,8 @@ To change these settings:
 # User accounts will be created automatically when authentication was successful.
 allow_single_sign_on: ["saml", "twitter"]
+ auto_link_ldap_user: true
+
 # Locks down those users until they have been cleared by the admin (default: true).
 block_auto_created_users: true
 ```