author | Florian Zschocke <florian.zschocke@devolo.de> | 2016-11-14 20:18:07 +0100 |
---|---|---|
committer | Florian Zschocke <florian.zschocke@devolo.de> | 2016-11-14 20:18:07 +0100 |
commit | f004a7f1d6bd9eaa6e7a8c8cd9ddae4187bd9994 (patch) | |
tree | 71cd038263229f647a47178a4f864045ef97aefb /src | |
parent | a4ad77f9ec3292a7a6c2fb21689d672cf5db1f20 (diff) | |
Update documentation for LDAP binding in default.properties.
merged--fixLDAPbinding

Extend the comments for some realm.ldap.* properties to better explain
use cases and requirements.
Diffstat (limited to 'src')
-rw-r--r-- | src/main/distrib/data/defaults.properties | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/src/main/distrib/data/defaults.properties b/src/main/distrib/data/defaults.properties index 0c7d6cd4..16be8476 100644 --- a/src/main/distrib/data/defaults.properties +++ b/src/main/distrib/data/defaults.properties @@ -1797,6 +1797,10 @@ realm.salesforce.orgId = 0 realm.ldap.server = ldap://localhost # Login username for LDAP searches. +# This is usually a user with permissions to search LDAP users and groups. +# It must have at least have the permission to search users. If it does not +# have permission to search groups, the normal user logging in must have +# the permission in LDAP to search groups. # If this value is unspecified, anonymous LDAP login will be used. # # e.g. mydomain\\username @@ -1809,8 +1813,14 @@ realm.ldap.username = cn=Directory Manager # SINCE 1.0.0 realm.ldap.password = password -# Bind pattern for Authentication. -# Allow to directly authenticate an user without LDAP Searches. +# Bind pattern for user authentication. +# Allow to directly authenticate an user without searching for it in LDAP. +# Use this if the LDAP server does not allow anonymous access and you don't +# want to use a specific account to run searches. When set, it will override +# the settings realm.ldap.username and realm.ldap.password. +# This requires that all relevant user entries are children to the same DN, +# and that logging users have permission to search for their groups in LDAP. +# This will disable synchronization as a specific LDAP account is needed for that. # # e.g. CN=${username},OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain # @@ -1926,6 +1936,9 @@ realm.ldap.email = email realm.ldap.uid = uid # Defines whether to synchronize all LDAP users and teams into the user service +# This requires either anonymous LDAP access or that a specific account is set +# in realm.ldap.username and realm.ldap.password, that has permission to read +# users and groups in LDAP. # # Valid values: true, false # If left blank, false is assumed |
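Review bot: In the hunk at @@ -1797,6 +1797,10 @@, the new comment describes the search account as "usually a user with permissions to search LDAP users and groups", but the sample value that follows in the context is still "realm.ldap.username = cn=Directory Manager" with "realm.ldap.password = password". Since the comment now spells out the minimum permission needed, it would help to say explicitly that a dedicated read-only search account is sufficient, so readers do not take the directory administrator DN as the recommended setting. The added line "It must have at least have the permission to search users." also has a duplicated "have"; suggest "It must at least have the permission to search users."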
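Review bot: In the hunk at @@ -1809,8 +1813,14 @@, the sentence "When set, it will override the settings realm.ldap.username and realm.ldap.password" documents the precedence only here; an administrator who configures the search account will not see it in the comments for those two properties, so they may leave credentials in the file that are silently unused. Suggest adding a one-line cross-reference in the realm.ldap.username comment as well. The text also does not say what happens when the bind pattern is set and synchronization is enabled at the same time ("This will disable synchronization"): is the setting ignored, or is a warning logged? Wording: "an user" should be "a user", "children to the same DN" reads better as "children of the same DN", and "logging users" should be "users logging in".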
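Review bot: In the hunk at @@ -1926,6 +1936,9 @@, the added requirement lists anonymous access or an account in realm.ldap.username and realm.ldap.password, but it does not mention the case the bind pattern comment in this same commit describes, where setting a bind pattern overrides those two properties and disables synchronization. Suggest adding that here, so the constraint is visible from the property an administrator is actually turning on. Minor: the existing first line "Defines whether to synchronize all LDAP users and teams into the user service" has no full stop before the new sentence, and the comma before "that has permission" should be dropped.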