Merge branch 'feature-multiple-ldap-servers' into 'master'

Feature multiple ldap servers Update the code so Gitlab-EE can support multiple LDAP servers See merge request !1172
author: Dmitriy Zaporozhets <dzaporozhets@gitlab.com> 2014-10-14 15:01:37 +0000
committer: Dmitriy Zaporozhets <dzaporozhets@gitlab.com> 2014-10-14 15:01:37 +0000
commit: e3bd17a7ba5238c147a79d0770e8503fd913610c (patch)
tree: 4833babe1357f34f9f856e45b139f8b86bceaa3a /config/gitlab.yml.example
parent: 4bebdc09463e29d26eac0117e0e3b45a9448c600 (diff)
parent: b4f7b387d0dfaef1766a82040249abb933632930 (diff)
download: gitlab-ce-e3bd17a7ba5238c147a79d0770e8503fd913610c.tar.gz
1 files changed, 69 insertions, 37 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 7f624f92a8b..e7a8d08dc83 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -135,43 +135,61 @@ production: &base
   #   bundle exec rake gitlab:ldap:check RAILS_ENV=production
   ldap:
     enabled: false
-    host: '_your_ldap_server'
-    port: 636
-    uid: 'sAMAccountName'
-    method: 'ssl' # "tls" or "ssl" or "plain"
-    bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
-    password: '_the_password_of_the_bind_user'
-
-    # This setting specifies if LDAP server is Active Directory LDAP server.
-    # For non AD servers it skips the AD specific queries.
-    # If your LDAP server is not AD, set this to false.
-    active_directory: true
-
-    # If allow_username_or_email_login is enabled, GitLab will ignore everything
-    # after the first '@' in the LDAP username submitted by the user on login.
-    #
-    # Example:
-    # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
-    # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
-    #
-    # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
-    # disable this setting, because the userPrincipalName contains an '@'.
-    allow_username_or_email_login: false
-
-    # Base where we can search for users
-    #
-    #   Ex. ou=People,dc=gitlab,dc=example
-    #
-    base: ''
-
-    # Filter LDAP users
-    #
-    #   Format: RFC 4515 http://tools.ietf.org/search/rfc4515
-    #   Ex. (employeeType=developer)
-    #
-    #   Note: GitLab does not support omniauth-ldap's custom filter syntax.
-    #
-    user_filter: ''
+    servers:
+      main: # 'main' is the GitLab 'provider ID' of this LDAP server
+        ## label
+        #
+        # A human-friendly name for your LDAP server. It is OK to change the label later,
+        # for instance if you find out it is too large to fit on the web page.
+        #
+        # Example: 'Paris' or 'Acme, Ltd.'
+        label: 'LDAP'
+
+        host: '_your_ldap_server'
+        port: 636
+        uid: 'sAMAccountName'
+        method: 'ssl' # "tls" or "ssl" or "plain"
+        bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+        password: '_the_password_of_the_bind_user'
+
+        # This setting specifies if LDAP server is Active Directory LDAP server.
+        # For non AD servers it skips the AD specific queries.
+        # If your LDAP server is not AD, set this to false.
+        active_directory: true
+
+        # If allow_username_or_email_login is enabled, GitLab will ignore everything
+        # after the first '@' in the LDAP username submitted by the user on login.
+        #
+        # Example:
+        # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
+        # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
+        #
+        # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
+        # disable this setting, because the userPrincipalName contains an '@'.
+        allow_username_or_email_login: false
+
+        # Base where we can search for users
+        #
+        #   Ex. ou=People,dc=gitlab,dc=example
+        #
+        base: ''
+
+        # Filter LDAP users
+        #
+        #   Format: RFC 4515 http://tools.ietf.org/search/rfc4515
+        #   Ex. (employeeType=developer)
+        #
+        #   Note: GitLab does not support omniauth-ldap's custom filter syntax.
+        #
+        user_filter: ''
+
+      # GitLab EE only: add more LDAP servers
+      # Choose an ID made of a-z and 0-9 . This ID will be stored in the database
+      # so that GitLab can remember which LDAP server a user belongs to.
+      # uswest2:
+      #   label:
+      #   host:
+      #   ....
 
 
   ## OmniAuth settings
@@ -300,6 +318,20 @@ test:
       project_url: "http://redmine/projects/:issues_tracker_id"
       issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
       new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
+  ldap:
+    enabled: false
+    servers:
+      main:
+        label: ldap
+        host: 127.0.0.1
+        port: 3890
+        uid: 'uid'
+        method: 'plain' # "tls" or "ssl" or "plain"
+        base: 'dc=example,dc=com'
+        user_filter: ''
+        group_base: 'ou=groups,dc=example,dc=com'
+        admin_group: ''
+        sync_ssh_keys: false
 
 staging:
   <<: *base
author	Dmitriy Zaporozhets <dzaporozhets@gitlab.com>	2014-10-14 15:01:37 +0000
committer	Dmitriy Zaporozhets <dzaporozhets@gitlab.com>	2014-10-14 15:01:37 +0000
commit	e3bd17a7ba5238c147a79d0770e8503fd913610c (patch)
tree	4833babe1357f34f9f856e45b139f8b86bceaa3a /config/gitlab.yml.example
parent	4bebdc09463e29d26eac0117e0e3b45a9448c600 (diff)
parent	b4f7b387d0dfaef1766a82040249abb933632930 (diff)
download	gitlab-ce-e3bd17a7ba5238c147a79d0770e8503fd913610c.tar.gz