Skip to content
Snippets Groups Projects
Commit cb497dd4 authored by Evan Read's avatar Evan Read
Browse files

Merge branch 'georgekoltsov/64501-update-ldap-doc' into 'master' 

Update ldap#security section

See merge request gitlab-org/gitlab-ce!31335
parents 919ff576 35191112
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
doc/administration/auth/ldap.md
+ 10
7
View file @ cb497dd4
@@ -33,15 +33,18 @@ information services over an Internet Protocol (IP) network.
 
## Security
 
GitLab assumes that LDAP users are not able to change their LDAP 'mail', 'email'
or 'userPrincipalName' attribute. An LDAP user who is allowed to change their
email on the LDAP server can potentially
[take over any account](#enabling-ldap-sign-in-for-existing-gitlab-users)
on your GitLab server.
GitLab assumes that LDAP users:
- Are not able to change their LDAP `mail`, `email`, or `userPrincipalName` attribute.
An LDAP user who is allowed to change their email on the LDAP server can potentially
[take over any account](#enabling-ldap-sign-in-for-existing-gitlab-users)
on your GitLab server.
- Have unique email addresses, otherwise it is possible for LDAP users with the same
email address to share the same GitLab account.
 
We recommend against using LDAP integration if your LDAP users are
allowed to change their 'mail', 'email' or 'userPrincipalName' attribute on
the LDAP server.
allowed to change their 'mail', 'email' or 'userPrincipalName' attribute on
the LDAP server or share email addresses.
 
### User deletion
 
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment