diff options
| author | Michael Kozono <mkozono@gmail.com> | 2017-06-09 15:35:41 -0700 | 
|---|---|---|
| committer | Michael Kozono <mkozono@gmail.com> | 2017-07-26 02:43:38 -0700 | 
| commit | fdaa49ca29c458a99cdae207784ecf10f0d208c0 (patch) | |
| tree | 7731d2c00ca673df844fbd5c15c559b0fe015edf | |
| parent | 0b4eb7f21851b478d7fe179a1213d090d8ce4c57 (diff) | |
| download | gitlab-ce-fdaa49ca29c458a99cdae207784ecf10f0d208c0.tar.gz | |
Update LDAP SSL config options
| -rw-r--r-- | doc/administration/auth/ldap.md | 36 | 
1 files changed, 32 insertions, 4 deletions
| diff --git a/doc/administration/auth/ldap.md b/doc/administration/auth/ldap.md index 3449f9e15ce..90dd9d6a51b 100644 --- a/doc/administration/auth/ldap.md +++ b/doc/administration/auth/ldap.md @@ -69,14 +69,42 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server    # Example: 'ldap.mydomain.com'    host: '_your_ldap_server'    # This port is an example, it is sometimes different but it is always an integer and not a string -  port: 389 +  port: 389 # usually 636 for SSL    uid: 'sAMAccountName' # This should be the attribute, not the value that maps to uid. -  method: 'plain' # "tls" or "ssl" or "plain"    # Examples: 'america\\momo' or 'CN=Gitlab Git,CN=Users,DC=mydomain,DC=com'    bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'    password: '_the_password_of_the_bind_user' +  # Encryption method. The "method" key is deprecated in favor of +  # "encryption". +  # +  #   Examples: "start_tls" or "simple_tls" or "plain" +  # +  #   Deprecated values: "tls" was replaced with "start_tls" and "ssl" was +  #   replaced with "simple_tls". +  # +  encryption: 'plain' + +  # Enables SSL certificate verification if encryption method is +  # "start_tls" or "simple_tls". (Defaults to false for backward- +  # compatibility) +  verify_certificates: false + +  # Specifies the path to a file containing a PEM-format CA certificate, +  # e.g. if you need to use an internal CA. +  # +  #   Example: '/etc/ca.pem' +  # +  ca_cert: '' + +  # Specifies the SSL version for OpenSSL to use, if the OpenSSL default +  # is not appropriate. +  # +  #   Example: 'TLSv1_1' +  # +  ssl_version: '' +    # Set a timeout, in seconds, for LDAP queries. This helps avoid blocking    # a request if the LDAP server becomes unresponsive.    # A value of 0 means there is no timeout. @@ -116,8 +144,8 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server    #    #   Note: GitLab does not support omniauth-ldap's custom filter syntax.    # -  #   Below an example for get only specific users -  #   Example: '(&(objectclass=user)(|(samaccountname=momo)(samaccountname=toto)))' +  #   Example for getting only specific users: +  #   '(&(objectclass=user)(|(samaccountname=momo)(samaccountname=toto)))'    #    user_filter: '' | 
