diff options
| -rw-r--r-- | doc/administration/auth/ldap.md | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/doc/administration/auth/ldap.md b/doc/administration/auth/ldap.md index ba3b421e682..02e93d41a51 100644 --- a/doc/administration/auth/ldap.md +++ b/doc/administration/auth/ldap.md @@ -20,18 +20,18 @@ details about EE-specific LDAP features, see the ## Security -GitLab assumes that LDAP users are not able to change their LDAP 'mail', 'email' -or 'userPrincipalName' attribute. An LDAP user who is allowed to change their -email on the LDAP server can potentially -[take over any account](#enabling-ldap-sign-in-for-existing-gitlab-users) -on your GitLab server. +GitLab assumes that LDAP users: -GitLab also assumes that LDAP users have unique email addresses, otherwise it is -possible for LDAP users with the same email address to share the same GitLab account. +- Are not able to change their LDAP `mail`, `email`, or `userPrincipalName` attribute. + An LDAP user who is allowed to change their email on the LDAP server can potentially + [take over any account](#enabling-ldap-sign-in-for-existing-gitlab-users) + on your GitLab server. +- Have unique email addresses, otherwise it is possible for LDAP users with the same + email address to share the same GitLab account. We recommend against using LDAP integration if your LDAP users are -allowed to change their 'mail', 'email' or 'userPrincipalName' attribute on -the LDAP server. +allowed to change their 'mail', 'email' or 'userPrincipalName' attribute on +the LDAP server or share email addresses. ### User deletion |