Skip to content
Snippets Groups Projects
Commit 35191112 authored by George Koltsov's avatar George Koltsov Committed by Evan Read
Browse files

Update ldap#security section

parent 919ff576
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
doc/administration/auth/ldap.md
+ 10
7
View file @ 35191112
@@ -33,15 +33,18 @@ information services over an Internet Protocol (IP) network.
 
## Security
 
GitLab assumes that LDAP users are not able to change their LDAP 'mail', 'email'
or 'userPrincipalName' attribute. An LDAP user who is allowed to change their
email on the LDAP server can potentially
[take over any account](#enabling-ldap-sign-in-for-existing-gitlab-users)
on your GitLab server.
GitLab assumes that LDAP users:
- Are not able to change their LDAP `mail`, `email`, or `userPrincipalName` attribute.
An LDAP user who is allowed to change their email on the LDAP server can potentially
[take over any account](#enabling-ldap-sign-in-for-existing-gitlab-users)
on your GitLab server.
- Have unique email addresses, otherwise it is possible for LDAP users with the same
email address to share the same GitLab account.
 
We recommend against using LDAP integration if your LDAP users are
allowed to change their 'mail', 'email' or 'userPrincipalName' attribute on
the LDAP server.
allowed to change their 'mail', 'email' or 'userPrincipalName' attribute on
the LDAP server or share email addresses.
 
### User deletion
 
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment