4 files changed, 34 insertions, 4 deletions

diff --git a/doc/administration/auth/index.md b/doc/administration/auth/index.md
index d09344629e2..fca4f163075 100644
--- a/doc/administration/auth/index.md
+++ b/doc/administration/auth/index.md
@@ -31,7 +31,6 @@ providers:
 - [Salesforce](../../integration/salesforce.md)
 - [SAML](../../integration/saml.md)
 - [SAML for GitLab.com groups](../../user/group/saml_sso/index.md) **(PREMIUM SAAS)**
-- [Shibboleth](../../integration/saml.md)
 - [Smartcard](smartcard.md) **(PREMIUM SELF)**
 - [Twitter](../../integration/twitter.md)
 
diff --git a/doc/administration/auth/ldap/index.md b/doc/administration/auth/ldap/index.md
index 2a396c4d53a..a7e070b755a 100644
--- a/doc/administration/auth/ldap/index.md
+++ b/doc/administration/auth/ldap/index.md
@@ -518,7 +518,7 @@ GitLab doesn't support TLS client authentication. Complete these steps on your L
 The TLS client authentication setting in your LDAP server cannot be mandatory and clients cannot be
 authenticated with the TLS protocol.
 
-## Deleting users
+## Users deleted from LDAP
 
 Users deleted from the LDAP server:
 
@@ -531,6 +531,16 @@ However, these users can continue to use Git with SSH until the next time the
 To delete the account immediately, you can manually
 [block the user](../../../user/admin_area/moderate_users.md#block-a-user).
 
+## Updating user email addresses
+
+Email addresses on the LDAP server are considered the source of truth for users when LDAP is used to sign in. Updating user email
+addresses must be done on the LDAP server that manages the user. The email address for GitLab is updated either:
+
+- When the user next signs in.
+- When the next [user sync](ldap_synchronization.md#user-sync) is run.
+
+The updated user's previous email address becomes the secondary email address to preserve that user's commit history.
+
 ## Google Secure LDAP
 
 > Introduced in GitLab 11.9.
diff --git a/doc/administration/auth/ldap/ldap-troubleshooting.md b/doc/administration/auth/ldap/ldap-troubleshooting.md
index b8391bec72f..5c5d5aaffe8 100644
--- a/doc/administration/auth/ldap/ldap-troubleshooting.md
+++ b/doc/administration/auth/ldap/ldap-troubleshooting.md
@@ -71,7 +71,28 @@ options = {
     filter: Net::LDAP::Filter.eq('cn', '*'),
 
     # :attributes is optional
-    # the attributes we want to get returnedk
+    # the attributes we want to get returned
+    attributes: %w(dn cn memberuid member submember uniquemember memberof)
+}
+adapter.ldap_search(options)
+```
+
+When using OIDs in the filter, replace `Net::LDAP::Filter.eq` with `Net::LDAP::Filter.construct`:
+
+```ruby
+adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain')
+options = {
+    # :base is required
+    # use .base or .group_base
+    base: adapter.config.base,
+
+    # :filter is optional
+    # This filter includes OID 1.2.840.113556.1.4.1941
+    # It will search for all direct and nested members of the group gitlab_grp in the LDAP directory  
+    filter: Net::LDAP::Filter.construct("(memberOf:1.2.840.113556.1.4.1941:=CN=gitlab_grp,DC=example,DC=com)"),
+
+    # :attributes is optional
+    # the attributes we want to get returned
     attributes: %w(dn cn memberuid member submember uniquemember memberof)
 }
 adapter.ldap_search(options)
diff --git a/doc/administration/auth/oidc.md b/doc/administration/auth/oidc.md
index a099b9c76f8..561cbd1b3ae 100644
--- a/doc/administration/auth/oidc.md
+++ b/doc/administration/auth/oidc.md
@@ -471,7 +471,7 @@ For your app, complete the following steps on Casdoor:
 1. Add your GitLab redirect URL. For example, if your GitLab domain is `gitlab.example.com`, ensure the Casdoor app has the following
    `Redirect URI`: `https://gitlab.example.com/users/auth/openid_connect/callback`.
 
-See the [Casdoor documentation](https://casdoor.org/docs/integration/gitlab) for more details.
+See the [Casdoor documentation](https://casdoor.org/docs/integration/gitlab/) for more details.
 
 Example Omnibus GitLab configuration (file path: `/etc/gitlab/gitlab.rb`):