diff --git a/files/gitlab-cookbooks/gitlab/attributes/default.rb b/files/gitlab-cookbooks/gitlab/attributes/default.rb index 9a69942..49ddea8 100644 --- a/files/gitlab-cookbooks/gitlab/attributes/default.rb +++ b/files/gitlab-cookbooks/gitlab/attributes/default.rb @@ -96,6 +96,7 @@ default['gitlab']['gitlab-rails']['ldap_user_filter'] = nil default['gitlab']['gitlab-rails']['ldap_group_base'] = nil default['gitlab']['gitlab-rails']['ldap_admin_group'] = nil default['gitlab']['gitlab-rails']['ldap_sync_ssh_keys'] = nil +default['gitlab']['gitlab-rails']['ldap_sync_time'] = nil default['gitlab']['gitlab-rails']['omniauth_enabled'] = false default['gitlab']['gitlab-rails']['omniauth_allow_single_sign_on'] = nil default['gitlab']['gitlab-rails']['omniauth_block_auto_created_users'] = nil diff --git a/files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb b/files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb index 14fcf49..001b7c9 100644 --- a/files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb +++ b/files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb @@ -133,6 +133,15 @@ production: &base method: <%= single_quote(@ldap_method) %> # "tls" or "ssl" or "plain" bind_dn: <%= single_quote(@ldap_bind_dn) %> password: <%= single_quote(@ldap_password) %> + + # This setting controls the amount of time between LDAP permission checks for each user. + # After this time has expired for a given user, their next interaction with GitLab (a click in the web UI, a git pull etc.) will be slower because the LDAP permission check is being performed. + # How much slower depends on your LDAP setup, but it is not uncommon for this check to add seconds of waiting time. + # The default value is to have a 'slow click' once every 3600 seconds, i.e. once per hour. + # + # Warning: if you set this value too low, every click in GitLab will be a 'slow click' for all of your LDAP users. + sync_time: <%= @ldap_sync_time %> + # If allow_username_or_email_login is enabled, GitLab will ignore everything # after the first '@' in the LDAP username submitted by the user on login. # -- libgit2 0.21.2