diff options
Diffstat (limited to 'doc/integration/ldap.md')
-rw-r--r-- | doc/integration/ldap.md | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/doc/integration/ldap.md b/doc/integration/ldap.md index 845f588f913..cf1f98492ea 100644 --- a/doc/integration/ldap.md +++ b/doc/integration/ldap.md @@ -48,6 +48,11 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' password: '_the_password_of_the_bind_user' + # Set a timeout, in seconds, for LDAP queries. This helps avoid blocking + # a request if the LDAP server becomes unresponsive. + # A value of 0 means there is no timeout. + timeout: 10 + # This setting specifies if LDAP server is Active Directory LDAP server. # For non AD servers it skips the AD specific queries. # If your LDAP server is not AD, set this to false. @@ -199,3 +204,25 @@ When setting `method: ssl`, the underlying authentication method used by `omniauth-ldap` is `simple_tls`. This method establishes TLS encryption with the LDAP server before any LDAP-protocol data is exchanged but no validation of the LDAP server's SSL certificate is performed. + +## Troubleshooting + +### Invalid credentials when logging in + +Make sure the user you are binding with has enough permissions to read the user's +tree and traverse it. + +Also make sure that the `user_filter` is not blocking otherwise valid users. + +To make sure that the LDAP settings are correct and GitLab can see your users, +execute the following command: + + +```bash +# For Omnibus installations +sudo gitlab-rake gitlab:ldap:check + +# For installations from source +sudo -u git -H bundle exec rake gitlab:ldap:check RAILS_ENV=production +``` + |