LDAP sync_time option.

Marin Jankovski
1 parent 0d9abc1a
Showing 2 changed files with 10 additions and 0 deletions Show diff stats
files/gitlab-cookbooks/gitlab/attributes/default.rb
files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb
@@ -96,6 +96,7 @@ default[&#39;gitlab&#39;][&#39;gitlab-rails&#39;][&#39;ldap_user_filter&#39;] = nil
 default['gitlab']['gitlab-rails']['ldap_group_base'] = nil
 default['gitlab']['gitlab-rails']['ldap_admin_group'] = nil
 default['gitlab']['gitlab-rails']['ldap_sync_ssh_keys'] = nil
+default['gitlab']['gitlab-rails']['ldap_sync_time'] = nil
 default['gitlab']['gitlab-rails']['omniauth_enabled'] = false
 default['gitlab']['gitlab-rails']['omniauth_allow_single_sign_on'] = nil
 default['gitlab']['gitlab-rails']['omniauth_block_auto_created_users'] = nil
@@ -133,6 +133,15 @@ production: &amp;base
     method: <%= single_quote(@ldap_method) %> # "tls" or "ssl" or "plain"
     bind_dn: <%= single_quote(@ldap_bind_dn) %>
     password: <%= single_quote(@ldap_password) %>
+
+    # This setting controls the amount of time between LDAP permission checks for each user.
+    # After this time has expired for a given user, their next interaction with GitLab (a click in the web UI, a git pull etc.) will be slower because the LDAP permission check is being performed.
+    # How much slower depends on your LDAP setup, but it is not uncommon for this check to add seconds of waiting time.
+    # The default value is to have a 'slow click' once every 3600 seconds, i.e. once per hour.
+    #
+    # Warning: if you set this value too low, every click in GitLab will be a 'slow click' for all of your LDAP users.
+    sync_time: <%= @ldap_sync_time %>
+
     # If allow_username_or_email_login is enabled, GitLab will ignore everything
     # after the first '@' in the LDAP username submitted by the user on login.
     #
	@@ -133,6 +133,15 @@ production: &base		@@ -133,6 +133,15 @@ production: &base
133	method: <%= single_quote(@ldap_method) %> # "tls" or "ssl" or "plain"	133	method: <%= single_quote(@ldap_method) %> # "tls" or "ssl" or "plain"
134	bind_dn: <%= single_quote(@ldap_bind_dn) %>	134	bind_dn: <%= single_quote(@ldap_bind_dn) %>
135	password: <%= single_quote(@ldap_password) %>	135	password: <%= single_quote(@ldap_password) %>
		136	+
		137	+ # This setting controls the amount of time between LDAP permission checks for each user.
		138	+ # After this time has expired for a given user, their next interaction with GitLab (a click in the web UI, a git pull etc.) will be slower because the LDAP permission check is being performed.
		139	+ # How much slower depends on your LDAP setup, but it is not uncommon for this check to add seconds of waiting time.
		140	+ # The default value is to have a 'slow click' once every 3600 seconds, i.e. once per hour.
		141	+ #
		142	+ # Warning: if you set this value too low, every click in GitLab will be a 'slow click' for all of your LDAP users.
		143	+ sync_time: <%= @ldap_sync_time %>
		144	+
136	# If allow_username_or_email_login is enabled, GitLab will ignore everything	145	# If allow_username_or_email_login is enabled, GitLab will ignore everything
137	# after the first '@' in the LDAP username submitted by the user on login.	146	# after the first '@' in the LDAP username submitted by the user on login.
138	#	147	#