author | Robert Speicher <robert@gitlab.com> | 2015-09-16 18:34:55 +0000 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2015-09-16 18:34:55 +0000 |
commit | 09bcce7d1f29a175734cdf97e33b8ffb1182f02d (patch) | |
tree | 2991e3a96a5c5a6457ac9c209bd9b5aff14d36c9 /config | |
parent | a0aa6453bd0099a0e1d0bfd6725fff8aaa9d29a9 (diff) | |
parent | 84d57bc70391f0419bc60c8fcffb3694078d8fb9 (diff) | |
Merge branch 'ldap-attributes' into 'master'
Allow configuration of LDAP attributes GitLab will use for the new user account.
Fixes #2412.
See merge request !1261
Diffstat (limited to 'config')
-rw-r--r-- | config/gitlab.yml.example | 22 | ||||
-rw-r--r-- | config/initializers/1_settings.rb | 1 |
2 files changed, 22 insertions, 1 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index b2bd8796004..0005d44e0f2 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -159,7 +159,7 @@ production: &base method: 'plain' # "tls" or "ssl" or "plain" bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' password: '_the_password_of_the_bind_user' - + # This setting specifies if LDAP server is Active Directory LDAP server. # For non AD servers it skips the AD specific queries. # If your LDAP server is not AD, set this to false. @@ -196,6 +196,26 @@ production: &base # user_filter: '' + # LDAP attributes that GitLab will use to create an account for the LDAP user. + # The specified attribute can either be the attribute name as a string (e.g. 'mail'), + # or an array of attribute names to try in order (e.g. ['mail', 'email']). + # Note that the user's LDAP login will always be the attribute specified as `uid` above. + attributes: + # The username will be used in paths for the user's own projects + # (like `gitlab.example.com/username/project`) and when mentioning + # them in issues, merge request and comments (like `@username`). + # If the attribute specified for `username` contains an email address, + # the GitLab username will be the part of the email address before the '@'. + username: ['uid', 'userid', 'sAMAccountName'] + email: ['mail', 'email', 'userPrincipalName'] + + # If no full name could be found at the attribute specified for `name`, + # the full name is determined using the attributes specified for + # `first_name` and `last_name`. + name: 'cn' + first_name: 'givenName' + last_name: 'sn' + # GitLab EE only: add more LDAP servers # Choose an ID made of a-z and 0-9 . This ID will be stored in the database # so that GitLab can remember which LDAP server a user belongs to. diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 339419559d1..fe81ffd4205 100644 --- a/config/initializers/1_settings.rb 
+++ b/config/initializers/1_settings.rb
@@ -109,6 +109,7 @@ if Settings.ldap['enabled'] || Rails.env.test?
 server['block_auto_created_users'] = false if server['block_auto_created_users'].nil?
 server['allow_username_or_email_login'] = false if server['allow_username_or_email_login'].nil?
 server['active_directory'] = true if server['active_directory'].nil?
+ server['attributes'] = {} if server['attributes'].nil?
 server['provider_name'] ||= "ldap#{key}".downcase
 server['provider_class'] = OmniAuth::Utils.camelize(server['provider_name'])
 end |
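Review bot: The new default on the `server['attributes']` line only covers a missing key; a value that is present but not a mapping (a string or a list typed by mistake in gitlab.yml) passes through unchanged and would presumably surface only later, when the LDAP account fields are read at sign-in. Because these attributes decide the username and e-mail of auto-created accounts, a boot-time check right after the default is worth adding, e.g. `raise "LDAP server #{key}: 'attributes' must be a hash" unless server['attributes'].is_a?(Hash)`. The `{}` default also means the fallback lists documented in gitlab.yml.example have to be applied by whatever consumes this setting, which is not visible here (the diffstat is limited to 'config'); a one-line comment such as `# per-attribute defaults are merged by the LDAP config reader, not here` would help, once confirmed against that code. The enclosing `if` block and the loop over servers start above the hunk.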