Skip to content
Snippets Groups Projects
Commit 98ff4131 authored by Jacob Vosmaer (GitLab)'s avatar Jacob Vosmaer (GitLab)
Browse files

LDAP users should not control their LDAP email

parent 79aac2c1
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 7 additions and 0 deletions
doc/integration/ldap.md
+ 7
0
View file @ 98ff4131
@@ -6,6 +6,13 @@ The first time a user signs in with LDAP credentials, GitLab will create a new G
 
GitLab user attributes such as nickname and email will be copied from the LDAP user entry.
 
## Security
GitLab assumes that LDAP users are not able to change their LDAP 'mail', 'email' or 'userPrincipalName' attribute.
An LDAP user who is allowed to change their email on the LDAP server can [take over any account](#enabling-ldap-sign-in-for-existing-gitlab-users) on your GitLab server.
We recommend against using GitLab LDAP integration if your LDAP users are allowed to change their 'mail', 'email' or 'userPrincipalName' attribute on the LDAP server.
## Configuring GitLab for LDAP integration
 
To enable GitLab LDAP integration you need to add your LDAP server settings in `/etc/gitlab/gitlab.rb` or `/home/git/gitlab/config/gitlab.yml`.
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment