Default LDAP config verify_certificates to true

author: Michael Kozono <mkozono@gmail.com> 2017-08-29 16:47:43 -0700
committer: Michael Kozono <mkozono@gmail.com> 2017-08-30 11:27:01 -0700
commit: dd3e7ff036401b4c3b754a24bfdf9248ae8a8fe5 (patch)
tree: 5968190fe4af68daeaedf1a24f657f06d9d466cc /doc/administration
parent: cbaa015cc9f55a387cdab85a6ba4b8c9c6ab447e (diff)
download: gitlab-ce-dd3e7ff036401b4c3b754a24bfdf9248ae8a8fe5.tar.gz
1 files changed, 6 insertions, 3 deletions
diff --git a/doc/administration/auth/ldap.md b/doc/administration/auth/ldap.md
index 425c924cdf2..d22815dfa5e 100644
--- a/doc/administration/auth/ldap.md
+++ b/doc/administration/auth/ldap.md
@@ -87,9 +87,12 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server
   encryption: 'plain'
 
   # Enables SSL certificate verification if encryption method is
-  # "start_tls" or "simple_tls". (Defaults to false for backward-
-  # compatibility)
-  verify_certificates: false
+  # "start_tls" or "simple_tls". Defaults to true since GitLab 10.0 for
+  # security. This may break installations upon upgrade to 10.0, that did
+  # not know their LDAP SSL certificates were not setup properly. For
+  # example, when using self-signed certificates, the ca_file path may
+  # need to be specified.
+  verify_certificates: true
 
   # Specifies the path to a file containing a PEM-format CA certificate,
   # e.g. if you need to use an internal CA.
author	Michael Kozono <mkozono@gmail.com>	2017-08-29 16:47:43 -0700
committer	Michael Kozono <mkozono@gmail.com>	2017-08-30 11:27:01 -0700
commit	dd3e7ff036401b4c3b754a24bfdf9248ae8a8fe5 (patch)
tree	5968190fe4af68daeaedf1a24f657f06d9d466cc /doc/administration
parent	cbaa015cc9f55a387cdab85a6ba4b8c9c6ab447e (diff)
download	gitlab-ce-dd3e7ff036401b4c3b754a24bfdf9248ae8a8fe5.tar.gz