Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/administration/auth/ldap/ldap-troubleshooting.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/administration/auth/ldap/ldap-troubleshooting.md')
-rw-r--r--doc/administration/auth/ldap/ldap-troubleshooting.md34
1 files changed, 17 insertions, 17 deletions
diff --git a/doc/administration/auth/ldap/ldap-troubleshooting.md b/doc/administration/auth/ldap/ldap-troubleshooting.md
index 1976bab03c6..438f591856b 100644
--- a/doc/administration/auth/ldap/ldap-troubleshooting.md
+++ b/doc/administration/auth/ldap/ldap-troubleshooting.md
@@ -52,7 +52,7 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server
admin_group: 'my_admin_group'
```
-#### Query LDAP **(STARTER ONLY)**
+#### Query LDAP **(PREMIUM SELF)**
The following allows you to perform a search in LDAP using the rails console.
Depending on what you're trying to do, it may make more sense to query [a
@@ -148,11 +148,11 @@ We have a workaround, based on toggling the access level of affected users:
1. As an administrator, go to **Admin Area > Overview > Users**.
1. Select the name of the affected user.
1. In the user's administrative page, press **Edit** on the top right of the page.
-1. Change the user's access level from **Regular** to **Admin** (or vice versa),
+1. Change the user's access level from `Regular` to `Admin` (or vice versa),
and press **Save changes** at the bottom of the page.
1. Press **Edit** on the top right of the user's profile page
again.
-1. Restore the user's original access level (**Regular** or **Admin**)
+1. Restore the user's original access level (`Regular` or `Admin`)
and press **Save changes** again.
The user should now be able to sign in.
@@ -191,7 +191,7 @@ have to be taken here:
will associate this profile to the LDAP identity.
The user can do either of these steps [in their
-profile](../../../user/profile/index.md#user-profile) or an admin can do it.
+profile](../../../user/profile/index.md#user-profile) or an administrator can do it.
#### Debug LDAP user filter
@@ -210,7 +210,7 @@ ldapsearch -H ldaps://$host:$port -D "$bind_dn" -y bind_dn_password.txt -b "$ba
port.
- We are assuming the password for the `bind_dn` user is in `bind_dn_password.txt`.
-#### Sync all users **(STARTER ONLY)**
+#### Sync all users **(PREMIUM SELF)**
The output from a manual [user sync](index.md#user-sync) can show you what happens when
GitLab tries to sync its users against LDAP. Enter the [rails console](#rails-console)
@@ -225,7 +225,7 @@ LdapSyncWorker.new.perform
Next, [learn how to read the
output](#example-console-output-after-a-user-sync).
-##### Example console output after a user sync **(STARTER ONLY)**
+##### Example console output after a user sync **(PREMIUM SELF)**
The output from a [manual user sync](#sync-all-users) will be very verbose, and a
single user's successful sync can look like this:
@@ -316,9 +316,9 @@ adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain') # If `main` is the LDAP pr
Gitlab::Auth::Ldap::Person.find_by_uid('<uid>', adapter)
```
-### Group memberships **(STARTER ONLY)**
+### Group memberships **(PREMIUM SELF)**
-#### Membership(s) not granted **(STARTER ONLY)**
+#### Membership(s) not granted **(PREMIUM SELF)**
Sometimes you may think a particular user should be added to a GitLab group via
LDAP group sync, but for some reason it's not happening. There are several
@@ -358,17 +358,17 @@ the rails console.
UIDs here should match the 'Identifier' from the LDAP identity checked earlier. If it doesn't,
the user does not appear to be in the LDAP group.
-#### Admin privileges not granted
+#### Administrator privileges not granted
When [Administrator sync](index.md#administrator-sync) has been configured
-but the configured users aren't granted the correct admin privileges, confirm
+but the configured users aren't granted the correct administrator privileges, confirm
the following are true:
- A [`group_base` is also configured](index.md#group-sync).
- The configured `admin_group` in the `gitlab.rb` is a CN, rather than a DN or an array.
- This CN falls under the scope of the configured `group_base`.
- The members of the `admin_group` have already signed into GitLab with their LDAP
- credentials. GitLab will only grant this admin access to the users whose
+ credentials. GitLab will only grant this administrator access to the users whose
accounts are already connected to LDAP.
If all the above are true and the users are still not getting access, [run a manual
@@ -376,7 +376,7 @@ group sync](#sync-all-groups) in the rails console and [look through the
output](#example-console-output-after-a-group-sync) to see what happens when
GitLab syncs the `admin_group`.
-#### Sync all groups **(STARTER ONLY)**
+#### Sync all groups **(PREMIUM SELF)**
NOTE:
To sync all groups manually when debugging is unnecessary, [use the Rake
@@ -394,7 +394,7 @@ LdapAllGroupsSyncWorker.new.perform
Next, [learn how to read the
output](#example-console-output-after-a-group-sync).
-##### Example console output after a group sync **(STARTER ONLY)**
+##### Example console output after a group sync **(PREMIUM SELF)**
Like the output from the user sync, the output from the [manual group
sync](#sync-all-groups) will also be very verbose. However, it contains lots
@@ -477,14 +477,14 @@ this line will indicate the sync is finished:
Finished syncing admin users for 'ldapmain' provider
```
-If [admin sync](index.md#administrator-sync) is not configured, you'll see a message
+If [administrator sync](index.md#administrator-sync) is not configured, you'll see a message
stating as such:
```shell
No `admin_group` configured for 'ldapmain' provider. Skipping
```
-#### Sync one group **(STARTER ONLY)**
+#### Sync one group **(PREMIUM SELF)**
[Syncing all groups](#sync-all-groups) can produce a lot of noise in the output, which can be
distracting when you're only interested in troubleshooting the memberships of
@@ -506,7 +506,7 @@ EE::Gitlab::Auth::Ldap::Sync::Group.execute_all_providers(group)
The output will be similar to
[that you'd get from syncing all groups](#example-console-output-after-a-group-sync).
-#### Query a group in LDAP **(STARTER ONLY)**
+#### Query a group in LDAP **(PREMIUM SELF)**
When you'd like to confirm that GitLab can read a LDAP group and see all its members,
you can run the following:
@@ -562,7 +562,7 @@ emails.each do |username, email|
end
```
-You can then [run a UserSync](#sync-all-users) **(STARTER ONLY)** to sync the latest DN
+You can then [run a UserSync](#sync-all-users) **(PREMIUM SELF)** to sync the latest DN
for each of these users.
## Debugging Tools
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 13:11:03 +0300