diff --git a/README.md b/README.md
index 16702ba8..ed326b9a 100644
--- a/README.md
+++ b/README.md
@@ -1003,6 +1003,11 @@ Below is the complete list of available options that can be used to customize yo
 | `LDAP_BLOCK_AUTO_CREATED_USERS` | Locks down those users until they have been cleared by the admin. Defaults to `false`. |
 | `LDAP_BASE` | Base where we can search for users. No default. |
 | `LDAP_USER_FILTER` | Filter LDAP users. No default. |
+| `LDAP_USER_ATTRIBUTE_USERNAME` | Attribute fields for the identification of a user. Default to `['uid', 'userid', 'sAMAccountName']` |
+| `LDAP_USER_ATTRIBUTE_MAIL` | Attribute fields for the shown mail address. Default to `['mail', 'email', 'userPrincipalName']` |
+| `LDAP_USER_ATTRIBUTE_NAME` | Attribute field for the used username of a user. Default to `cn`. |
+| `LDAP_USER_ATTRIBUTE_FIRSTNAME` | Attribute field for the forename of a user. Default to `givenName` |
+| `LDAP_USER_ATTRIBUTE_LASTNAME` | Attribute field for the surname of a user. Default to `sn` |
 | `LDAP_LOWERCASE_USERNAMES` | GitLab will lower case the username for the LDAP Server. Defaults to `false` |
 | `OAUTH_ENABLED` | Enable OAuth support. Defaults to `true` if any of the support OAuth providers is configured, else defaults to `false`. |
 | `OAUTH_AUTO_SIGN_IN_WITH_PROVIDER` | Automatically sign in with a specific OAuth provider without showing GitLab sign-in page. Accepted values are `cas3`, `github`, `bitbucket`, `gitlab`, `google_oauth2`, `facebook`, `twitter`, `saml`, `crowd`, `auth0` and `azure_oauth2`. No default. |
diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml
index 1c09c2c1..863105cb 100644
--- a/assets/runtime/config/gitlabhq/gitlab.yml
+++ b/assets/runtime/config/gitlabhq/gitlab.yml
@@ -395,15 +395,15 @@ production: &base
 # them in issues, merge request and comments (like `@username`).
 # If the attribute specified for `username` contains an email address,
 # the GitLab username will be the part of the email address before the '@'.
- username: ['uid', 'userid', 'sAMAccountName']
- email: ['mail', 'email', 'userPrincipalName']
+ username: {{LDAP_USER_ATTRIBUTE_USERNAME}}
+ email: {{LDAP_USER_ATTRIBUTE_MAIL}}
 # If no full name could be found at the attribute specified for `name`,
 # the full name is determined using the attributes specified for
 # `first_name` and `last_name`.
- name: 'cn'
- first_name: 'givenName'
- last_name: 'sn'
+ name: '{{LDAP_USER_ATTRIBUTE_NAME}}'
+ first_name: '{{LDAP_USER_ATTRIBUTE_FIRSTNAME}}'
+ last_name: '{{LDAP_USER_ATTRIBUTE_LASTNAME}}'
 # If lowercase_usernames is enabled, GitLab will lower case the username.
 lowercase_usernames: {{LDAP_LOWERCASE_USERNAMES}}
diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults
index 47690310..17a0fbc8 100644
--- a/assets/runtime/env-defaults
+++ b/assets/runtime/env-defaults
@@ -285,6 +285,11 @@ LDAP_ACTIVE_DIRECTORY=${LDAP_ACTIVE_DIRECTORY:-true}
 LDAP_BLOCK_AUTO_CREATED_USERS=${LDAP_BLOCK_AUTO_CREATED_USERS:-false}
 LDAP_BASE=${LDAP_BASE:-}
 LDAP_USER_FILTER=${LDAP_USER_FILTER:-}
+LDAP_USER_ATTRIBUTE_USERNAME=${LDAP_USER_ATTRIBUTE_USERNAME:-['uid', 'userid', 'sAMAccountName']}
+LDAP_USER_ATTRIBUTE_MAIL=${LDAP_USER_ATTRIBUTE_MAIL:-['mail', 'email', 'userPrincipalName']}
+LDAP_USER_ATTRIBUTE_NAME=${LDAP_USER_ATTRIBUTE_NAME:-cn}
+LDAP_USER_ATTRIBUTE_FIRSTNAME=${LDAP_USER_ATTRIBUTE_FIRSTNAME:-givenName}
+LDAP_USER_ATTRIBUTE_LASTNAME=${LDAP_USER_ATTRIBUTE_LASTNAME:-sn}
 LDAP_LOWERCASE_USERNAMES="${LDAP_LOWERCASE_USERNAMES:-false}"
 LDAP_LABEL=${LDAP_LABEL:-LDAP}
 LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-}
diff --git a/assets/runtime/functions b/assets/runtime/functions
index 5ab2e09f..316c3e63 100644
--- a/assets/runtime/functions
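Review bot: The `username:` and `email:` placeholders are substituted unquoted while `name`, `first_name` and `last_name` are wrapped in single quotes, so an operator's value lands in gitlab.yml as raw YAML for the first two and ends the quoted scalar early for the other three if it contains a `'`. These keys decide which directory attribute becomes the GitLab username and email, so a value that parses differently than intended may change the identity mapping instead of failing visibly. I would add a comment above `username:` stating the expected form, for example `# LDAP_USER_ATTRIBUTE_USERNAME / _MAIL must be a YAML list such as ['uid']; prefer attributes users cannot edit themselves in the directory`. The enclosing mapping starts above this hunk.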
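Review bot: The five new assignments are unquoted, unlike `LDAP_LOWERCASE_USERNAMES="${LDAP_LOWERCASE_USERNAMES:-false}"` on the line that follows them, and for the two list defaults that matters. Outside double quotes the shell removes the single quotes inside the `:-` default, so the effective value should be `[uid, userid, sAMAccountName]` rather than the `['uid', 'userid', 'sAMAccountName']` the README documents. That still reads as a YAML list, but the built-in default and the documented one are no longer the same string. Double-quoting keeps them identical: `LDAP_USER_ATTRIBUTE_USERNAME="${LDAP_USER_ATTRIBUTE_USERNAME:-['uid', 'userid', 'sAMAccountName']}"`, and likewise for `LDAP_USER_ATTRIBUTE_MAIL`.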
+++ b/assets/runtime/functions
@@ -463,6 +463,11 @@ gitlab_configure_ldap() {
 LDAP_BASE \
 LDAP_USER_FILTER \
 LDAP_LOWERCASE_USERNAMES \
+ LDAP_USER_ATTRIBUTE_USERNAME \
+ LDAP_USER_ATTRIBUTE_MAIL \
+ LDAP_USER_ATTRIBUTE_NAME \
+ LDAP_USER_ATTRIBUTE_FIRSTNAME \
+ LDAP_USER_ATTRIBUTE_LASTNAME \
 LDAP_LABEL
 }
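Review bot: Nothing visible in this hunk checks the five new values before they are passed to what looks like the template substitution, and the call these list entries belong to starts above the hunk, so I cannot see whether the helper escapes them. Because the values end up in the LDAP attribute mapping of gitlab.yml, a typo or stray quote is better caught at container start than at the first login. For the three scalar variables a guard ahead of the call would do, e.g. `[[ ${LDAP_USER_ATTRIBUTE_NAME} =~ ^[A-Za-z][A-Za-z0-9-]*$ ]] || { echo "invalid LDAP_USER_ATTRIBUTE_NAME"; exit 1; }`, repeated for `LDAP_USER_ATTRIBUTE_FIRSTNAME` and `LDAP_USER_ATTRIBUTE_LASTNAME`.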