Skip to content
Snippets Groups Projects
Commit 8d24b935 authored by 🚄 Job van der Voort 🚀's avatar 🚄 Job van der Voort 🚀
Browse files

Merge branch 'ldap-email-attribute' into 'master' 

LDAP users should not control their LDAP email

If they can, they can take over arbitrary GitLab accounts.

See merge request !1837
parents 79aac2c1 98ff4131
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 7 additions and 0 deletions
doc/integration/ldap.md
+ 7
0
View file @ 8d24b935
@@ -6,6 +6,13 @@ The first time a user signs in with LDAP credentials, GitLab will create a new G
 
GitLab user attributes such as nickname and email will be copied from the LDAP user entry.
 
## Security
GitLab assumes that LDAP users are not able to change their LDAP 'mail', 'email' or 'userPrincipalName' attribute.
An LDAP user who is allowed to change their email on the LDAP server can [take over any account](#enabling-ldap-sign-in-for-existing-gitlab-users) on your GitLab server.
We recommend against using GitLab LDAP integration if your LDAP users are allowed to change their 'mail', 'email' or 'userPrincipalName' attribute on the LDAP server.
## Configuring GitLab for LDAP integration
 
To enable GitLab LDAP integration you need to add your LDAP server settings in `/etc/gitlab/gitlab.rb` or `/home/git/gitlab/config/gitlab.yml`.
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment