authorMichael Kozono <mkozono@gmail.com>2017-06-06 11:16:17 -0700
committerMichael Kozono <mkozono@gmail.com>2017-07-26 02:43:32 -0700
commit6dbff9663de072279bd027e8e3e453b732f75977 (patch)
tree4f6ffeded383dc6df05a0f26f9cf5edd0fae3544 /config
parent8ab29d569e8c0019bbe458dea6f05a9894f0711a (diff)
Add LDAP config options
Diffstat (limited to 'config')
-rw-r--r--config/gitlab.yml.example30
-rw-r--r--config/initializers/1_settings.rb5
2 files changed, 34 insertions, 1 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index cb007813b65..8ddd9bab4e6 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -254,10 +254,38 @@ production: &base
host: '_your_ldap_server'
port: 389
uid: 'sAMAccountName'
- method: 'plain' # "tls" or "ssl" or "plain"
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
password: '_the_password_of_the_bind_user'
+ # Encryption method. The "method" key is deprecated in favor of
+ # "encryption".
+ #
+ # Examples: "start_tls" or "simple_tls" or "plain"
+ #
+ # Deprecated values: "tls" was replaced with "start_tls" and "ssl" was
+ # replaced with "simple_tls".
+ #
+ encryption: 'plain'
+
+ # Enables SSL certificate verification if encryption method is
+ # "start_tls" or "simple_tls". (Defaults to false for backward-
+ # compatibility)
+ verify_certificates: false
+
+ # Specifies the path to a file containing a PEM-format CA certificate,
+ # e.g. if you need to use an internal CA.
+ #
+ # Example: '/etc/ca.pem'
+ #
+ ca_cert: ''
+
+ # Specifies the SSL version for OpenSSL to use, if the OpenSSL default
+ # is not appropriate.
+ #
+ # Example: 'TLSv1_1'
+ #
+ ssl_version: ''
+
# Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
# a request if the LDAP server becomes unresponsive.
# A value of 0 means there is no timeout.
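Review bot: The new comment above `verify_certificates: false` says what the flag enables but not what is lost while it stays false. With "start_tls" or "simple_tls" the session is encrypted, but the LDAP server's identity is never checked, so the bind password and user credentials are exposed to anyone able to intercept the connection. I would add a line such as `# Without verification the LDAP server is not authenticated; set this to true in production.` next to the backward-compatibility remark. The `ssl_version` example `'TLSv1_1'` is also a dated protocol to offer as the model value, and `# Example: 'TLSv1_2'` would be a safer thing for operators to copy.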
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index ec7ce51b542..9344a42540b 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -145,6 +145,11 @@ if Settings.ldap['enabled'] || Rails.env.test?
server['attributes'] = {} if server['attributes'].nil?
server['provider_name'] ||= "ldap#{key}".downcase
server['provider_class'] = OmniAuth::Utils.camelize(server['provider_name'])
+ server['encryption'] ||= server['method'] # for backwards compatibility
+
+ # Certificates are not verified for backwards compatibility.
+ # This default should be flipped to true in 9.5.
+ server['verify_certificates'] = false if server['verify_certificates'].nil?
end
end
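Review bot: `server['encryption'] ||= server['method']` copies the deprecated values "tls" and "ssl" into `encryption` unchanged, although the example file in the same commit says they were replaced by "start_tls" and "simple_tls". Whether a later consumer translates them is not visible in this hunk; if it does not, a legacy setting may be rejected or fall back to an unencrypted connection without notice. Mapping at this point would remove the doubt, e.g. `server['encryption'] ||= { 'tls' => 'start_tls', 'ssl' => 'simple_tls' }.fetch(server['method'], server['method'])`. When neither key is set `encryption` stays nil, so an explicit `'plain'` default, or a comment saying nil is intended, would help. The enclosing `if Settings.ldap['enabled']` block starts outside the hunk.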