Diffstat (limited to 'doc/administration/auth/ldap')
-rw-r--r-- | doc/administration/auth/ldap/index.md | 12
-rw-r--r-- | doc/administration/auth/ldap/ldap-troubleshooting.md | 23
2 files changed, 33 insertions, 2 deletions
diff --git a/doc/administration/auth/ldap/index.md b/doc/administration/auth/ldap/index.md index 2a396c4d53a..a7e070b755a 100644 --- a/doc/administration/auth/ldap/index.md +++ b/doc/administration/auth/ldap/index.md @@ -518,7 +518,7 @@ GitLab doesn't support TLS client authentication. Complete these steps on your L The TLS client authentication setting in your LDAP server cannot be mandatory and clients cannot be authenticated with the TLS protocol. -## Deleting users +## Users deleted from LDAP Users deleted from the LDAP server: @@ -531,6 +531,16 @@ However, these users can continue to use Git with SSH until the next time the To delete the account immediately, you can manually [block the user](../../../user/admin_area/moderate_users.md#block-a-user). +## Updating user email addresses + +Email addresses on the LDAP server are considered the source of truth for users when LDAP is used to sign in. Updating user email +addresses must be done on the LDAP server that manages the user. The email address for GitLab is updated either: + +- When the user next signs in. +- When the next [user sync](ldap_synchronization.md#user-sync) is run. + +The updated user's previous email address becomes the secondary email address to preserve that user's commit history. + ## Google Secure LDAP > Introduced in GitLab 11.9. diff --git a/doc/administration/auth/ldap/ldap-troubleshooting.md b/doc/administration/auth/ldap/ldap-troubleshooting.md index b8391bec72f..5c5d5aaffe8 100644 --- a/doc/administration/auth/ldap/ldap-troubleshooting.md +++ b/doc/administration/auth/ldap/ldap-troubleshooting.md 
@@ -71,7 +71,28 @@ options = { filter: Net::LDAP::Filter.eq('cn', '*'), # :attributes is optional - # the attributes we want to get returnedk + # the attributes we want to get returned + attributes: %w(dn cn memberuid member submember uniquemember memberof) +} +adapter.ldap_search(options) +``` + +When using OIDs in the filter, replace `Net::LDAP::Filter.eq` with `Net::LDAP::Filter.construct`: + +```ruby +adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain') +options = { + # :base is required + # use .base or .group_base + base: adapter.config.base, + + # :filter is optional + # This filter includes OID 1.2.840.113556.1.4.1941 + # It will search for all direct and nested members of the group gitlab_grp in the LDAP directory + filter: Net::LDAP::Filter.construct("(memberOf:1.2.840.113556.1.4.1941:=CN=gitlab_grp,DC=example,DC=com)"), + + # :attributes is optional + # the attributes we want to get returned attributes: %w(dn cn memberuid member submember uniquemember memberof) } adapter.ldap_search(options) |
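Review bot: Renaming `## Deleting users` to `## Users deleted from LDAP` in the first index.md hunk (@@ -518) changes the anchor generated for that heading, and nothing in this diff updates references to the old one. Please check the docs for inbound links to the old anchor and update them in the same change so the page that tells administrators how to cut off a removed LDAP user stays reachable.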
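Review bot: The last sentence of the new `## Updating user email addresses` section (index.md, @@ -531) says the previous address "becomes the secondary email address" but not what that address remains usable for or how to remove it. For an address that has been reassigned or should no longer be tied to the account, the old value staying attached is the part an administrator needs to know about, so I would add one sentence on how the retained secondary address is removed and who can do it. It would also help to say that the two update triggers in the list are the only ones, so readers do not expect a change on the LDAP server to take effect in GitLab immediately.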
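Review bot: The comment `# This filter includes OID 1.2.840.113556.1.4.1941` in the new example (ldap-troubleshooting.md, @@ -71) never names the rule or says which servers support it. That OID is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN, so the example will not return nested members on other directory servers; please say so in the comment or in the sentence introducing the block. Since the group DN is now written straight into the string passed to `Net::LDAP::Filter.construct`, a short note that DN values containing characters such as `(`, `)`, `*` or `\` must be escaped before being placed in the filter would keep readers who adapt the example from building a malformed or overly broad filter. The second block also repeats the whole `options` hash to change only the `filter:` line; showing just that line would be easier to keep in sync.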