diff options
| author | Achilleas Pipinellis <axilleas@axilleas.me> | 2017-01-19 12:49:34 +0000 |
|---|---|---|
| committer | Achilleas Pipinellis <axilleas@axilleas.me> | 2017-01-19 12:49:34 +0000 |
| commit | 5ba18c58df182f656340b0ea192f20ede34e2e6d (patch) | |
| tree | c0876df3cfb4ccd854d1857c51750021ed0e5201 /doc | |
| parent | fd1e4c7519ef39ad5db11205cf93fd7c6fb024e5 (diff) | |
| parent | 66ccf2d9f64f8e0a13e7664daa971d001dd630fb (diff) | |
| download | gitlab-ce-5ba18c58df182f656340b0ea192f20ede34e2e6d.tar.gz | |
Merge branch 'document-auto_link_ldap_user' into 'master'
Document the `auto_link_ldap_user` setting
See merge request !8568
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/integration/omniauth.md | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md index 4c933cef9b7..98a680d0dbe 100644 --- a/doc/integration/omniauth.md +++ b/doc/integration/omniauth.md @@ -41,6 +41,9 @@ that are in common for all providers that we need to consider. - `allow_single_sign_on` allows you to specify the providers you want to allow to automatically create an account. It defaults to `false`. If `false` users must be created manually or they will not be able to sign in via OmniAuth. +- `auto_link_ldap_user` can be used if you have [LDAP / ActiveDirectory](ldap.md) + integration enabled. It defaults to false. When enabled, users automatically + created through OmniAuth will be linked to their LDAP entry as well. - `block_auto_created_users` defaults to `true`. If `true` auto created users will be blocked by default and will have to be unblocked by an administrator before they are able to sign in. @@ -52,6 +55,10 @@ SAML, Shibboleth, Crowd or Google, or set it to `false` otherwise any user on the Internet will be able to successfully sign in to your GitLab without administrative approval. +>**Note:** +`auto_link_ldap_user` requires the `uid` of the user to be the same in both LDAP +and the OmniAuth provider. + To change these settings: * **For omnibus package** @@ -72,6 +79,7 @@ To change these settings: # using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none. # User accounts will be created automatically when authentication was successful. gitlab_rails['omniauth_allow_single_sign_on'] = ['saml', 'twitter'] + gitlab_rails['omniauth_auto_link_ldap_user'] = true gitlab_rails['omniauth_block_auto_created_users'] = true ``` @@ -99,6 +107,8 @@ To change these settings: # User accounts will be created automatically when authentication was successful. allow_single_sign_on: ["saml", "twitter"] + auto_link_ldap_user: true + # Locks down those users until they have been cleared by the admin (default: true). block_auto_created_users: true ``` |