Add Kerberos LDAP mapping to gitlab.yml.example

Add `simple_ldap_linking_allowed_realms` configuration option and brief explanation to the `gitlab.yml.example` file.

Add Kerberos LDAP mapping to gitlab.yml.example
Add `simple_ldap_linking_allowed_realms` configuration option and brief explanation to the `gitlab.yml.example` file.
c9e47f34 · Drew Blessing · Drew Blessing · 4a1667c4 · c9e47f34
Commit c9e47f34 authored Sep 30, 2020 by Drew Blessing Committed by Drew Blessing Sep 30, 2020
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

config/gitlab.yml.example config/gitlab.yml.example +6 -0

No files found.
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -854,6 +854,12 @@ production: &base
    # (default: accept any service name in keytab file)
    # service_principal_name: HTTP/gitlab.example.com@EXAMPLE.COM

+    # Kerberos realms/domains that are allowed to automatically link LDAP identities.
+    # By default, GitLab accepts a realm that matches the domain derived from the
+    # LDAP `base` DN. For example, `ou=users,dc=example,dc=com` would allow users
+    # with a realm matching `example.com`.
+    # simple_ldap_linking_allowed_realms: ['example.com','kerberos.example.com']
+
    # Dedicated port: Git before 2.4 does not fall back to Basic authentication if Negotiate fails.
    # To support both Basic and Negotiate methods with older versions of Git, configure
    # nginx to proxy GitLab on an extra port (e.g. 8443) and uncomment the following lines