summaryrefslogtreecommitdiff
path: root/doc/integration
diff options
context:
space:
mode:
authorDrew Blessing <drew@gitlab.com>2015-12-08 09:47:42 -0600
committerDrew Blessing <drew@gitlab.com>2015-12-08 11:15:30 -0600
commitbf5683f8892c4aefc4c996812ece6291b701dada (patch)
tree0d16e4ef7bd4232b83882fc210b84771f6ae0c81 /doc/integration
parent14165e59726b0813af90f785037d96d0973adf6d (diff)
downloadgitlab-ce-bf5683f8892c4aefc4c996812ece6291b701dada.tar.gz
Block LDAP user when they are no longer found in the LDAP server
Diffstat (limited to 'doc/integration')
-rw-r--r--doc/integration/ldap.md8
1 files changed, 7 insertions, 1 deletions
diff --git a/doc/integration/ldap.md b/doc/integration/ldap.md
index 7e2920b8865..845f588f913 100644
--- a/doc/integration/ldap.md
+++ b/doc/integration/ldap.md
@@ -13,6 +13,12 @@ An LDAP user who is allowed to change their email on the LDAP server can [take o
We recommend against using GitLab LDAP integration if your LDAP users are allowed to change their 'mail', 'email' or 'userPrincipalName' attribute on the LDAP server.
+If a user is deleted from the LDAP server, they will be blocked in GitLab as well.
+Users will be immediately blocked from logging in. However, there is an LDAP check
+cache time of one hour. The means users that are already logged in or are using Git
+over SSH will still be able to access GitLab for up to one hour. Manually block
+the user in the GitLab Admin area to immediately block all access.
+
## Configuring GitLab for LDAP integration
To enable GitLab LDAP integration you need to add your LDAP server settings in `/etc/gitlab/gitlab.rb` or `/home/git/gitlab/config/gitlab.yml`.
@@ -192,4 +198,4 @@ Not supported by GitLab's configuration options.
When setting `method: ssl`, the underlying authentication method used by
`omniauth-ldap` is `simple_tls`. This method establishes TLS encryption with
the LDAP server before any LDAP-protocol data is exchanged but no validation of
-the LDAP server's SSL certificate is performed. \ No newline at end of file
+the LDAP server's SSL certificate is performed.