summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Zschocke <florian.zschocke@devolo.de>2016-11-14 20:18:07 +0100
committerFlorian Zschocke <florian.zschocke@devolo.de>2016-11-14 20:18:07 +0100
commitf004a7f1d6bd9eaa6e7a8c8cd9ddae4187bd9994 (patch)
tree71cd038263229f647a47178a4f864045ef97aefb
parenta4ad77f9ec3292a7a6c2fb21689d672cf5db1f20 (diff)
downloadgitblit-f004a7f1d6bd9eaa6e7a8c8cd9ddae4187bd9994.tar.gz
gitblit-f004a7f1d6bd9eaa6e7a8c8cd9ddae4187bd9994.zip
Update documentation for LDAP binding in default.properties.merged--fixLDAPbinding
Extend the comments for some realm.ldap.* properties to better explain use cases and requirements.
-rw-r--r--src/main/distrib/data/defaults.properties17
1 files changed, 15 insertions, 2 deletions
diff --git a/src/main/distrib/data/defaults.properties b/src/main/distrib/data/defaults.properties
index 0c7d6cd4..16be8476 100644
--- a/src/main/distrib/data/defaults.properties
+++ b/src/main/distrib/data/defaults.properties
@@ -1797,6 +1797,10 @@ realm.salesforce.orgId = 0
realm.ldap.server = ldap://localhost
# Login username for LDAP searches.
+# This is usually a user with permissions to search LDAP users and groups.
+# It must have at least have the permission to search users. If it does not
+# have permission to search groups, the normal user logging in must have
+# the permission in LDAP to search groups.
# If this value is unspecified, anonymous LDAP login will be used.
#
# e.g. mydomain\\username
@@ -1809,8 +1813,14 @@ realm.ldap.username = cn=Directory Manager
# SINCE 1.0.0
realm.ldap.password = password
-# Bind pattern for Authentication.
-# Allow to directly authenticate an user without LDAP Searches.
+# Bind pattern for user authentication.
+# Allow to directly authenticate an user without searching for it in LDAP.
+# Use this if the LDAP server does not allow anonymous access and you don't
+# want to use a specific account to run searches. When set, it will override
+# the settings realm.ldap.username and realm.ldap.password.
+# This requires that all relevant user entries are children to the same DN,
+# and that logging users have permission to search for their groups in LDAP.
+# This will disable synchronization as a specific LDAP account is needed for that.
#
# e.g. CN=${username},OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain
#
@@ -1926,6 +1936,9 @@ realm.ldap.email = email
realm.ldap.uid = uid
# Defines whether to synchronize all LDAP users and teams into the user service
+# This requires either anonymous LDAP access or that a specific account is set
+# in realm.ldap.username and realm.ldap.password, that has permission to read
+# users and groups in LDAP.
#
# Valid values: true, false
# If left blank, false is assumed