diff options
author | Jan-Willem van der Meer <mail@jewilmeer.nl> | 2014-10-13 13:48:22 +0200 |
---|---|---|
committer | Jan-Willem van der Meer <mail@jewilmeer.nl> | 2014-10-13 13:56:54 +0200 |
commit | 3cd5abf635d32af0aed5f4160707ee3e10938ab6 (patch) | |
tree | 5ab320c73f5656cb80b6a6773621f68e396faa1e /config/gitlab.yml.example | |
parent | a7e071e9822a9803e9d686484298170dade5beb5 (diff) | |
download | gitlab-ce-3cd5abf635d32af0aed5f4160707ee3e10938ab6.tar.gz |
Add config changes for mutliple LDAP support (EE only)
Diffstat (limited to 'config/gitlab.yml.example')
-rw-r--r-- | config/gitlab.yml.example | 113 |
1 files changed, 75 insertions, 38 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index 857643c006e..9302dca4ed8 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -134,44 +134,66 @@ production: &base # bundle exec rake gitlab:ldap:check RAILS_ENV=production ldap: enabled: false - host: '_your_ldap_server' - port: 636 - uid: 'sAMAccountName' - method: 'ssl' # "tls" or "ssl" or "plain" - bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' - password: '_the_password_of_the_bind_user' - - # This setting specifies if LDAP server is Active Directory LDAP server. - # For non AD servers it skips the AD specific queries. - # If your LDAP server is not AD, set this to false. - active_directory: true - - # If allow_username_or_email_login is enabled, GitLab will ignore everything - # after the first '@' in the LDAP username submitted by the user on login. - # - # Example: - # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials; - # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'. - # - # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to - # disable this setting, because the userPrincipalName contains an '@'. - allow_username_or_email_login: false - - # Base where we can search for users - # - # Ex. ou=People,dc=gitlab,dc=example - # - base: '' - - # Filter LDAP users - # - # Format: RFC 4515 http://tools.ietf.org/search/rfc4515 - # Ex. (employeeType=developer) - # - # Note: GitLab does not support omniauth-ldap's custom filter syntax. - # - user_filter: '' - + servers: + - + ## provider_id + # + # This identifier is used by GitLab to keep track of which LDAP server each + # GitLab user belongs to. Each LDAP server known to GitLab should have a unique + # provider_id. This identifier cannot be changed once users from the LDAP server + # have started logging in to GitLab. + # + # Format: one word, using a-z (lower case) and 0-9 + # Example: 'paris' or 'uswest2' + + provider_id: main + + ## label + # + # A human-friendly name for your LDAP server. It is OK to change the label later, + # for instance if you find out it is too large to fit on the web page. + # + # Example: 'Paris' or 'Acme, Ltd.' + + label: 'LDAP' + + host: '_your_ldap_server' + port: 636 + uid: 'sAMAccountName' + method: 'ssl' # "tls" or "ssl" or "plain" + bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' + password: '_the_password_of_the_bind_user' + + # This setting specifies if LDAP server is Active Directory LDAP server. + # For non AD servers it skips the AD specific queries. + # If your LDAP server is not AD, set this to false. + active_directory: true + + # If allow_username_or_email_login is enabled, GitLab will ignore everything + # after the first '@' in the LDAP username submitted by the user on login. + # + # Example: + # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials; + # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'. + # + # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to + # disable this setting, because the userPrincipalName contains an '@'. + allow_username_or_email_login: false + + # Base where we can search for users + # + # Ex. ou=People,dc=gitlab,dc=example + # + base: '' + + # Filter LDAP users + # + # Format: RFC 4515 http://tools.ietf.org/search/rfc4515 + # Ex. (employeeType=developer) + # + # Note: GitLab does not support omniauth-ldap's custom filter syntax. + # + user_filter: '' ## OmniAuth settings omniauth: @@ -299,6 +321,21 @@ test: project_url: "http://redmine/projects/:issues_tracker_id" issues_url: "http://redmine/:project_id/:issues_tracker_id/:id" new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new" + ldap: + enabled: false + servers: + - + provider_id: main + label: ldap + host: 127.0.0.1 + port: 3890 + uid: 'uid' + method: 'plain' # "tls" or "ssl" or "plain" + base: 'dc=example,dc=com' + user_filter: '' + group_base: 'ou=groups,dc=example,dc=com' + admin_group: '' + sync_ssh_keys: false staging: <<: *base |