Add config changes for mutliple LDAP support (EE only)

parent a7e071e9
...@@ -134,44 +134,66 @@ production: &base ...@@ -134,44 +134,66 @@ production: &base
# bundle exec rake gitlab:ldap:check RAILS_ENV=production # bundle exec rake gitlab:ldap:check RAILS_ENV=production
ldap: ldap:
enabled: false enabled: false
host: '_your_ldap_server' servers:
port: 636 -
uid: 'sAMAccountName' ## provider_id
method: 'ssl' # "tls" or "ssl" or "plain" #
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' # This identifier is used by GitLab to keep track of which LDAP server each
password: '_the_password_of_the_bind_user' # GitLab user belongs to. Each LDAP server known to GitLab should have a unique
# provider_id. This identifier cannot be changed once users from the LDAP server
# This setting specifies if LDAP server is Active Directory LDAP server. # have started logging in to GitLab.
# For non AD servers it skips the AD specific queries. #
# If your LDAP server is not AD, set this to false. # Format: one word, using a-z (lower case) and 0-9
active_directory: true # Example: 'paris' or 'uswest2'
# If allow_username_or_email_login is enabled, GitLab will ignore everything provider_id: main
# after the first '@' in the LDAP username submitted by the user on login.
# ## label
# Example: #
# - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials; # A human-friendly name for your LDAP server. It is OK to change the label later,
# - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'. # for instance if you find out it is too large to fit on the web page.
# #
# If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to # Example: 'Paris' or 'Acme, Ltd.'
# disable this setting, because the userPrincipalName contains an '@'.
allow_username_or_email_login: false label: 'LDAP'
# Base where we can search for users host: '_your_ldap_server'
# port: 636
# Ex. ou=People,dc=gitlab,dc=example uid: 'sAMAccountName'
# method: 'ssl' # "tls" or "ssl" or "plain"
base: '' bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
password: '_the_password_of_the_bind_user'
# Filter LDAP users
# # This setting specifies if LDAP server is Active Directory LDAP server.
# Format: RFC 4515 http://tools.ietf.org/search/rfc4515 # For non AD servers it skips the AD specific queries.
# Ex. (employeeType=developer) # If your LDAP server is not AD, set this to false.
# active_directory: true
# Note: GitLab does not support omniauth-ldap's custom filter syntax.
# # If allow_username_or_email_login is enabled, GitLab will ignore everything
user_filter: '' # after the first '@' in the LDAP username submitted by the user on login.
#
# Example:
# - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
# - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
#
# If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
# disable this setting, because the userPrincipalName contains an '@'.
allow_username_or_email_login: false
# Base where we can search for users
#
# Ex. ou=People,dc=gitlab,dc=example
#
base: ''
# Filter LDAP users
#
# Format: RFC 4515 http://tools.ietf.org/search/rfc4515
# Ex. (employeeType=developer)
#
# Note: GitLab does not support omniauth-ldap's custom filter syntax.
#
user_filter: ''
## OmniAuth settings ## OmniAuth settings
omniauth: omniauth:
...@@ -299,6 +321,21 @@ test: ...@@ -299,6 +321,21 @@ test:
project_url: "http://redmine/projects/:issues_tracker_id" project_url: "http://redmine/projects/:issues_tracker_id"
issues_url: "http://redmine/:project_id/:issues_tracker_id/:id" issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new" new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
ldap:
enabled: false
servers:
-
provider_id: main
label: ldap
host: 127.0.0.1
port: 3890
uid: 'uid'
method: 'plain' # "tls" or "ssl" or "plain"
base: 'dc=example,dc=com'
user_filter: ''
group_base: 'ou=groups,dc=example,dc=com'
admin_group: ''
sync_ssh_keys: false
staging: staging:
<<: *base <<: *base
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment