Merge branch 'ldap_sync_time_option' into 'master'

Ldap sync time option Fixes #227 See merge request !195

Merge branch 'ldap_sync_time_option' into 'master'
Ldap sync time option Fixes #227 See merge request !195
Jacob Vosmaer
2 parents 0d9abc1a ccdf32bc
Showing 2 changed files with 10 additions and 0 deletions Show diff stats
files/gitlab-cookbooks/gitlab/attributes/default.rb
files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb
@@ -96,6 +96,7 @@ default[&#39;gitlab&#39;][&#39;gitlab-rails&#39;][&#39;ldap_user_filter&#39;] = nil
 default['gitlab']['gitlab-rails']['ldap_group_base'] = nil
 default['gitlab']['gitlab-rails']['ldap_admin_group'] = nil
 default['gitlab']['gitlab-rails']['ldap_sync_ssh_keys'] = nil
+default['gitlab']['gitlab-rails']['ldap_sync_time'] = nil
 default['gitlab']['gitlab-rails']['omniauth_enabled'] = false
 default['gitlab']['gitlab-rails']['omniauth_allow_single_sign_on'] = nil
 default['gitlab']['gitlab-rails']['omniauth_block_auto_created_users'] = nil
@@ -133,6 +133,15 @@ production: &amp;base
     method: <%= single_quote(@ldap_method) %> # "tls" or "ssl" or "plain"
     bind_dn: <%= single_quote(@ldap_bind_dn) %>
     password: <%= single_quote(@ldap_password) %>
+
+    # This setting controls the amount of time between LDAP permission checks for each user.
+    # After this time has expired for a given user, their next interaction with GitLab (a click in the web UI, a git pull etc.) will be slower because the LDAP permission check is being performed.
+    # How much slower depends on your LDAP setup, but it is not uncommon for this check to add seconds of waiting time.
+    # The default value is to have a 'slow click' once every 3600 seconds, i.e. once per hour.
+    #
+    # Warning: if you set this value too low, every click in GitLab will be a 'slow click' for all of your LDAP users.
+    sync_time: <%= @ldap_sync_time %>
+
     # If allow_username_or_email_login is enabled, GitLab will ignore everything
     # after the first '@' in the LDAP username submitted by the user on login.
     #
...	...	@@ -96,6 +96,7 @@ default['gitlab']['gitlab-rails']['ldap_user_filter'] = nil
96	96	default['gitlab']['gitlab-rails']['ldap_group_base'] = nil
97	97	default['gitlab']['gitlab-rails']['ldap_admin_group'] = nil
98	98	default['gitlab']['gitlab-rails']['ldap_sync_ssh_keys'] = nil
	99	+default['gitlab']['gitlab-rails']['ldap_sync_time'] = nil
99	100	default['gitlab']['gitlab-rails']['omniauth_enabled'] = false
100	101	default['gitlab']['gitlab-rails']['omniauth_allow_single_sign_on'] = nil
101	102	default['gitlab']['gitlab-rails']['omniauth_block_auto_created_users'] = nil
...	...
...	...	@@ -133,6 +133,15 @@ production: &base
133	133	method: <%= single_quote(@ldap_method) %> # "tls" or "ssl" or "plain"
134	134	bind_dn: <%= single_quote(@ldap_bind_dn) %>
135	135	password: <%= single_quote(@ldap_password) %>
	136	+
	137	+ # This setting controls the amount of time between LDAP permission checks for each user.
	138	+ # After this time has expired for a given user, their next interaction with GitLab (a click in the web UI, a git pull etc.) will be slower because the LDAP permission check is being performed.
	139	+ # How much slower depends on your LDAP setup, but it is not uncommon for this check to add seconds of waiting time.
	140	+ # The default value is to have a 'slow click' once every 3600 seconds, i.e. once per hour.
	141	+ #
	142	+ # Warning: if you set this value too low, every click in GitLab will be a 'slow click' for all of your LDAP users.
	143	+ sync_time: <%= @ldap_sync_time %>
	144	+
136	145	# If allow_username_or_email_login is enabled, GitLab will ignore everything
137	146	# after the first '@' in the LDAP username submitted by the user on login.
138	147	#
...	...