Update LDAP SSL config options

fdaa49ca · Michael Kozono · 0b4eb7f2 · fdaa49ca
Commit fdaa49ca authored 7 years ago by Michael Kozono
--- a/doc/administration/auth/ldap.md
+++ b/doc/administration/auth/ldap.md
@@ -69,14 +69,42 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server
  # Example: 'ldap.mydomain.com'
  host: '_your_ldap_server'
  # This port is an example, it is sometimes different but it is always an integer and not a string
-  port: 389
+  port: 389 # usually 636 for SSL
  uid: 'sAMAccountName' # This should be the attribute, not the value that maps to uid.
-  method: 'plain' # "tls" or "ssl" or "plain"
  
  # Examples: 'america\\momo' or 'CN=Gitlab Git,CN=Users,DC=mydomain,DC=com'
  bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
  password: '_the_password_of_the_bind_user'
  
+  # Encryption method. The "method" key is deprecated in favor of
+  # "encryption".
+  #
+  #   Examples: "start_tls" or "simple_tls" or "plain"
+  #
+  #   Deprecated values: "tls" was replaced with "start_tls" and "ssl" was
+  #   replaced with "simple_tls".
+  #
+  encryption: 'plain'
+
+  # Enables SSL certificate verification if encryption method is
+  # "start_tls" or "simple_tls". (Defaults to false for backward-
+  # compatibility)
+  verify_certificates: false
+
+  # Specifies the path to a file containing a PEM-format CA certificate,
+  # e.g. if you need to use an internal CA.
+  #
+  #   Example: '/etc/ca.pem'
+  #
+  ca_cert: ''
+
+  # Specifies the SSL version for OpenSSL to use, if the OpenSSL default
+  # is not appropriate.
+  #
+  #   Example: 'TLSv1_1'
+  #
+  ssl_version: ''
+
  # Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
  # a request if the LDAP server becomes unresponsive.
  # A value of 0 means there is no timeout.
@@ -116,8 +144,8 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server
  #
  #   Note: GitLab does not support omniauth-ldap's custom filter syntax.
  #
-  #   Below an example for get only specific users
-  #   Example: '(&(objectclass=user)(|(samaccountname=momo)(samaccountname=toto)))'
+  #   Example for getting only specific users:
+  #   '(&(objectclass=user)(|(samaccountname=momo)(samaccountname=toto)))'
  #
  user_filter: ''