Merge remote-tracking branch 'origin/master' into repo-bugsrepo-bugs

author: Luke "Jared" Bennett <lbennett@gitlab.com> 2017-08-31 09:17:23 +0100
committer: Luke "Jared" Bennett <lbennett@gitlab.com> 2017-08-31 09:17:23 +0100
commit: f884a4bbd7ccaf448e0d998711d20497cef6ac71 (patch)
tree: 65c9b70b58dea175d188114ce066cd17baf12888 /doc/administration/auth/ldap.md
parent: 32a68328d719327d26e82684cdf354ed25598416 (diff)
parent: 3e092caa91853afeab3bb01be10869e45c39de5d (diff)
download: gitlab-ce-f884a4bbd7ccaf448e0d998711d20497cef6ac71.tar.gz
1 files changed, 6 insertions, 3 deletions
diff --git a/doc/administration/auth/ldap.md b/doc/administration/auth/ldap.md
index 425c924cdf2..d22815dfa5e 100644
--- a/doc/administration/auth/ldap.md
+++ b/doc/administration/auth/ldap.md
@@ -87,9 +87,12 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server
   encryption: 'plain'
 
   # Enables SSL certificate verification if encryption method is
-  # "start_tls" or "simple_tls". (Defaults to false for backward-
-  # compatibility)
-  verify_certificates: false
+  # "start_tls" or "simple_tls". Defaults to true since GitLab 10.0 for
+  # security. This may break installations upon upgrade to 10.0, that did
+  # not know their LDAP SSL certificates were not setup properly. For
+  # example, when using self-signed certificates, the ca_file path may
+  # need to be specified.
+  verify_certificates: true
 
   # Specifies the path to a file containing a PEM-format CA certificate,
   # e.g. if you need to use an internal CA.
author	Luke "Jared" Bennett <lbennett@gitlab.com>	2017-08-31 09:17:23 +0100
committer	Luke "Jared" Bennett <lbennett@gitlab.com>	2017-08-31 09:17:23 +0100
commit	f884a4bbd7ccaf448e0d998711d20497cef6ac71 (patch)
tree	65c9b70b58dea175d188114ce066cd17baf12888 /doc/administration/auth/ldap.md
parent	32a68328d719327d26e82684cdf354ed25598416 (diff)
parent	3e092caa91853afeab3bb01be10869e45c39de5d (diff)
download	gitlab-ce-f884a4bbd7ccaf448e0d998711d20497cef6ac71.tar.gz