authorJan-Willem van der Meer <mail@jewilmeer.nl>2014-10-13 13:48:22 +0200
committerJan-Willem van der Meer <mail@jewilmeer.nl>2014-10-13 13:56:54 +0200
commit3cd5abf635d32af0aed5f4160707ee3e10938ab6 (patch)
tree5ab320c73f5656cb80b6a6773621f68e396faa1e /config
parenta7e071e9822a9803e9d686484298170dade5beb5 (diff)
downloadgitlab-ce-3cd5abf635d32af0aed5f4160707ee3e10938ab6.tar.gz
Add config changes for multiple LDAP support (EE only)
Diffstat (limited to 'config')
-rw-r--r--config/gitlab.yml.example113
1 files changed, 75 insertions, 38 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 857643c006e..9302dca4ed8 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -134,44 +134,66 @@ production: &base
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
ldap:
enabled: false
- host: '_your_ldap_server'
- port: 636
- uid: 'sAMAccountName'
- method: 'ssl' # "tls" or "ssl" or "plain"
- bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
- password: '_the_password_of_the_bind_user'
-
- # This setting specifies if LDAP server is Active Directory LDAP server.
- # For non AD servers it skips the AD specific queries.
- # If your LDAP server is not AD, set this to false.
- active_directory: true
-
- # If allow_username_or_email_login is enabled, GitLab will ignore everything
- # after the first '@' in the LDAP username submitted by the user on login.
- #
- # Example:
- # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
- # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
- #
- # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
- # disable this setting, because the userPrincipalName contains an '@'.
- allow_username_or_email_login: false
-
- # Base where we can search for users
- #
- # Ex. ou=People,dc=gitlab,dc=example
- #
- base: ''
-
- # Filter LDAP users
- #
- # Format: RFC 4515 http://tools.ietf.org/search/rfc4515
- # Ex. (employeeType=developer)
- #
- # Note: GitLab does not support omniauth-ldap's custom filter syntax.
- #
- user_filter: ''
-
+ servers:
+ -
+ ## provider_id
+ #
+ # This identifier is used by GitLab to keep track of which LDAP server each
+ # GitLab user belongs to. Each LDAP server known to GitLab should have a unique
+ # provider_id. This identifier cannot be changed once users from the LDAP server
+ # have started logging in to GitLab.
+ #
+ # Format: one word, using a-z (lower case) and 0-9
+ # Example: 'paris' or 'uswest2'
+
+ provider_id: main
+
+ ## label
+ #
+ # A human-friendly name for your LDAP server. It is OK to change the label later,
+ # for instance if you find out it is too large to fit on the web page.
+ #
+ # Example: 'Paris' or 'Acme, Ltd.'
+
+ label: 'LDAP'
+
+ host: '_your_ldap_server'
+ port: 636
+ uid: 'sAMAccountName'
+ method: 'ssl' # "tls" or "ssl" or "plain"
+ bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+ password: '_the_password_of_the_bind_user'
+
+ # This setting specifies if LDAP server is Active Directory LDAP server.
+ # For non AD servers it skips the AD specific queries.
+ # If your LDAP server is not AD, set this to false.
+ active_directory: true
+
+ # If allow_username_or_email_login is enabled, GitLab will ignore everything
+ # after the first '@' in the LDAP username submitted by the user on login.
+ #
+ # Example:
+ # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
+ # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
+ #
+ # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
+ # disable this setting, because the userPrincipalName contains an '@'.
+ allow_username_or_email_login: false
+
+ # Base where we can search for users
+ #
+ # Ex. ou=People,dc=gitlab,dc=example
+ #
+ base: ''
+
+ # Filter LDAP users
+ #
+ # Format: RFC 4515 http://tools.ietf.org/search/rfc4515
+ # Ex. (employeeType=developer)
+ #
+ # Note: GitLab does not support omniauth-ldap's custom filter syntax.
+ #
+ user_filter: ''
## OmniAuth settings
omniauth:
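Review bot: The inline comment on `method` in the new `servers` entry still lists "plain" as an equal choice without saying what it costs: with `bind_dn` and `password` set just below it, a plain connection carries the bind password and each user's login password unencrypted. I would extend the comment, e.g. `method: 'ssl' # "tls" or "ssl" or "plain" ("plain" sends bind and user passwords unencrypted)`. Each entry under `servers` now holds its own bind password, so a line above `password` such as `# Stored in clear text; keep gitlab.yml readable only by the account GitLab runs as` would also help. The same `method` comment is repeated in the `test` block of the second hunk, where plain against 127.0.0.1 is reasonable.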
@@ -299,6 +321,21 @@ test:
project_url: "http://redmine/projects/:issues_tracker_id"
issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
+ ldap:
+ enabled: false
+ servers:
+ -
+ provider_id: main
+ label: ldap
+ host: 127.0.0.1
+ port: 3890
+ uid: 'uid'
+ method: 'plain' # "tls" or "ssl" or "plain"
+ base: 'dc=example,dc=com'
+ user_filter: ''
+ group_base: 'ou=groups,dc=example,dc=com'
+ admin_group: ''
+ sync_ssh_keys: false
staging:
<<: *base
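Review bot: `group_base`, `admin_group` and `sync_ssh_keys` appear in the new `test` server entry with no comment, and the production example in the first hunk does not mention them at all. Judging by their names they affect group lookup, admin assignment and SSH key import, so someone copying this block into a real environment should be told what an empty `admin_group` means. I would add a short comment above them, e.g. `# EE only; admin_group '' presumably disables LDAP-driven admin assignment (confirm before documenting)`. `provider_id: main` and `label: ldap` are also unquoted while the other string values are quoted. The `test:` section starts above this hunk.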