Skip to content

G
gitlab-ce
Commit 98ff4131 authored by Jacob Vosmaer's avatar Jacob Vosmaer
Browse files
Options

LDAP users should not control their LDAP email

parent 79aac2c1
Hide whitespace changes
Inline Side-by-side
Showing with 7 additions and 0 deletions
doc/integration/ldap.md
View file @ 98ff4131
...@@ -6,6 +6,13 @@ The first time a user signs in with LDAP credentials, GitLab will create a new G ...@@ -6,6 +6,13 @@ The first time a user signs in with LDAP credentials, GitLab will create a new G
GitLab user attributes such as nickname and email will be copied from the LDAP user entry. GitLab user attributes such as nickname and email will be copied from the LDAP user entry.
## Security
GitLab assumes that LDAP users are not able to change their LDAP 'mail', 'email' or 'userPrincipalName' attribute.
An LDAP user who is allowed to change their email on the LDAP server can [take over any account](#enabling-ldap-sign-in-for-existing-gitlab-users) on your GitLab server.
We recommend against using GitLab LDAP integration if your LDAP users are allowed to change their 'mail', 'email' or 'userPrincipalName' attribute on the LDAP server.
## Configuring GitLab for LDAP integration ## Configuring GitLab for LDAP integration
To enable GitLab LDAP integration you need to add your LDAP server settings in `/etc/gitlab/gitlab.rb` or `/home/git/gitlab/config/gitlab.yml`. To enable GitLab LDAP integration you need to add your LDAP server settings in `/etc/gitlab/gitlab.rb` or `/home/git/gitlab/config/gitlab.yml`.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7