authorAlex Lossent <alexandre.lossent@cern.ch>2015-06-02 12:01:29 +0200
committerAlex Lossent <alexandre.lossent@cern.ch>2015-06-03 11:46:20 +0200
commitdfcea8ed514c7ef1aea78ce15525e617a10bf6bb (patch)
tree40554eb7954cdb4593508302282af7d33ff4cce1 /config
parent41d4aaa4be6ef39a97e07dedbeda839b5667f221 (diff)
Add option to automatically link omniauth and LDAP identities
Until now, a user needed to first sign in with their LDAP identity and then manually link their account with an omniauth identity from their profile. Only when this is done can the user authenticate with the omniauth provider and at the same time benefit from the LDAP integration (HTTPS authentication with LDAP username/password and in EE: LDAP groups, SSH keys etc.). This feature automates the process by looking up a corresponding LDAP person when a user connects with omniauth for the first time and then automatically linking the LDAP and omniauth identities (of course, like the existing allow_single_sign_on setting, this is meant to be used with trusted omniauth providers). The result is identical to a manual account link. Add config initializers for other omniauth settings.
Diffstat (limited to 'config')
-rw-r--r--config/gitlab.yml.example3
-rw-r--r--config/initializers/1_settings.rb3
2 files changed, 6 insertions, 0 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index c7f22b9388b..787b3ccfc56 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -192,6 +192,9 @@ production: &base
allow_single_sign_on: false
# Locks down those users until they have been cleared by the admin (default: true).
block_auto_created_users: true
+ # Look up new users in LDAP servers. If a match is found (same uid), automatically
+ # link the omniauth identity with the LDAP account. (default: false)
+ auto_link_ldap_user: false
## Auth providers
# Uncomment the following lines and fill in the data of the auth provider you want to use
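Review bot: The comment added above `auto_link_ldap_user` omits the trust requirement that the commit description states: the option is meant only for trusted omniauth providers. Since the link is made on a uid match alone, the LDAP account is only as well protected as the provider's guarantee that the uid it asserts belongs to the person signing in, and the example file is where administrators will read about the setting. I would add a line such as `# Only enable this if every configured omniauth provider is trusted to assert the same uid as LDAP.` The comment could also say whether an auto-linked user is still subject to `block_auto_created_users`; that is not visible from this hunk.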
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index c234bd69e9a..1bd14a3a89f 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -88,6 +88,9 @@ end
Settings['omniauth'] ||= Settingslogic.new({})
Settings.omniauth['enabled'] = false if Settings.omniauth['enabled'].nil?
Settings.omniauth['auto_sign_in_with_provider'] = false if Settings.omniauth['auto_sign_in_with_provider'].nil?
+Settings.omniauth['allow_single_sign_on'] = false if Settings.omniauth['allow_single_sign_on'].nil?
+Settings.omniauth['block_auto_created_users'] = true if Settings.omniauth['block_auto_created_users'].nil?
+Settings.omniauth['auto_link_ldap_user'] = false if Settings.omniauth['auto_link_ldap_user'].nil?
Settings.omniauth['providers'] ||= []