@@ -66,7 +66,10 @@ Authentiq will generate a Client ID and the accompanying Client Secret for you t
...
@@ -66,7 +66,10 @@ Authentiq will generate a Client ID and the accompanying Client Secret for you t
On the sign in page there should now be an Authentiq icon below the regular sign in form. Click the icon to begin the authentication process.
On the sign in page there should now be an Authentiq icon below the regular sign in form. Click the icon to begin the authentication process.
- If the user has the Authentiq ID app installed in their iOS or Android device, they can scan the QR code, decide what personal details to share and sign in to your GitLab installation.
- If the user has the Authentiq ID app installed in their iOS or Android device, they can:
1. Scan the QR code.
1. Decide what personal details to share.
1. Sign in to your GitLab installation.
- If not they will be prompted to download the app and then follow the procedure above.
- If not they will be prompted to download the app and then follow the procedure above.
If everything goes right, the user will be returned to GitLab and will be signed in.
If everything goes right, the user will be returned to GitLab and will be signed in.
@@ -461,7 +461,8 @@ LDAP email address, and then sign into GitLab via their LDAP credentials.
...
@@ -461,7 +461,8 @@ LDAP email address, and then sign into GitLab via their LDAP credentials.
## Enabling LDAP username lowercase
## Enabling LDAP username lowercase
Some LDAP servers, depending on their configurations, can return uppercase usernames. This can lead to several confusing issues like, for example, creating links or namespaces with uppercase names.
Some LDAP servers, depending on their configurations, can return uppercase usernames.
This can lead to several confusing issues such as creating links or namespaces with uppercase names.
GitLab can automatically lowercase usernames provided by the LDAP server by enabling
GitLab can automatically lowercase usernames provided by the LDAP server by enabling
the configuration option `lowercase_usernames`. By default, this configuration option is `false`.
the configuration option `lowercase_usernames`. By default, this configuration option is `false`.
@@ -14,6 +14,6 @@ GitLab’s [security features](../security/README.md) may also help you meet rel
...
@@ -14,6 +14,6 @@ GitLab’s [security features](../security/README.md) may also help you meet rel
|**[Lock project membership to group](../user/group/index.md#member-lock-starter)**<br>Group owners can prevent new members from being added to projects within a group.|Starter+|✓|
|**[Lock project membership to group](../user/group/index.md#member-lock-starter)**<br>Group owners can prevent new members from being added to projects within a group.|Starter+|✓|
|**[LDAP group sync](auth/ldap-ee.md#group-sync)**<br>GitLab Enterprise Edition gives admins the ability to automatically sync groups and manage SSH keys, permissions, and authentication, so you can focus on building your product, not configuring your tools.|Starter+||
|**[LDAP group sync](auth/ldap-ee.md#group-sync)**<br>GitLab Enterprise Edition gives admins the ability to automatically sync groups and manage SSH keys, permissions, and authentication, so you can focus on building your product, not configuring your tools.|Starter+||
|**[LDAP group sync filters](auth/ldap-ee.md#group-sync)**<br>GitLab Enterprise Edition Premium gives more flexibility to synchronize with LDAP based on filters, meaning you can leverage LDAP attributes to map GitLab permissions.|Premium+||
|**[LDAP group sync filters](auth/ldap-ee.md#group-sync)**<br>GitLab Enterprise Edition Premium gives more flexibility to synchronize with LDAP based on filters, meaning you can leverage LDAP attributes to map GitLab permissions.|Premium+||
|**[Audit logs](audit_events.md)**<br>To maintain the integrity of your code, GitLab Enterprise Edition Premium gives admins the ability to view any modifications made within the GitLab server in an advanced audit log system, so you can control, analyze and track every change.|Premium+||
|**[Audit logs](audit_events.md)**<br>To maintain the integrity of your code, GitLab Enterprise Edition Premium gives admins the ability to view any modifications made within the GitLab server in an advanced audit log system, so you can control, analyze, and track every change.|Premium+||
|**[Auditor users](auditor_users.md)**<br>Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance.|Premium+||
|**[Auditor users](auditor_users.md)**<br>Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance.|Premium+||
|**[Credentials inventory](../user/admin_area/credentials_inventory.md)**<br>With a credentials inventory, GitLab administrators can keep track of the credentials used by all of the users in their GitLab instance. |Ultimate||
|**[Credentials inventory](../user/admin_area/credentials_inventory.md)**<br>With a credentials inventory, GitLab administrators can keep track of the credentials used by all of the users in their GitLab instance. |Ultimate||
@@ -12,7 +12,8 @@ Replication with Geo is the solution for widely distributed development teams.
...
@@ -12,7 +12,8 @@ Replication with Geo is the solution for widely distributed development teams.
Fetching large repositories can take a long time for teams located far from a single GitLab instance.
Fetching large repositories can take a long time for teams located far from a single GitLab instance.
Geo provides local, read-only instances of your GitLab instances, reducing the time it takes to clone and fetch large repositories and speeding up development.
Geo provides local, read-only instances of your GitLab instances. This can reduce the time it takes
to clone and fetch large repositories, speeding up development.
NOTE: **Note:**
NOTE: **Note:**
Check the [requirements](#requirements-for-running-geo) carefully before setting up Geo.
Check the [requirements](#requirements-for-running-geo) carefully before setting up Geo.
...
@@ -269,7 +270,7 @@ For answers to common questions, see the [Geo FAQ](faq.md).
...
@@ -269,7 +270,7 @@ For answers to common questions, see the [Geo FAQ](faq.md).
Since GitLab 9.5, Geo stores structured log messages in a `geo.log` file. For Omnibus installations, this file is at `/var/log/gitlab/gitlab-rails/geo.log`.
Since GitLab 9.5, Geo stores structured log messages in a `geo.log` file. For Omnibus installations, this file is at `/var/log/gitlab/gitlab-rails/geo.log`.
This file contains information about when Geo attempts to sync repositories and files. Each line in the file contains a separate JSON entry that can be ingested into Elasticsearch, Splunk, etc.
This file contains information about when Geo attempts to sync repositories and files. Each line in the file contains a separate JSON entry that can be ingested into, for example, Elasticsearch or Splunk.
@@ -76,7 +76,7 @@ Learn how to install, configure, update, and maintain your GitLab instance.
...
@@ -76,7 +76,7 @@ Learn how to install, configure, update, and maintain your GitLab instance.
### Maintaining GitLab
### Maintaining GitLab
-[Raketasks](../raketasks/README.md): Perform various tasks for maintenance, backups, automatic webhooks setup, etc.
-[Raketasks](../raketasks/README.md): Perform various tasks for maintenance, backups, automatic webhooks setup, and more.
-[Backup and restore](../raketasks/backup_restore.md): Backup and restore your GitLab instance.
-[Backup and restore](../raketasks/backup_restore.md): Backup and restore your GitLab instance.
-[Operations](operations/index.md): Keeping GitLab up and running (clean up Redis sessions, moving repositories, Sidekiq MemoryKiller, Unicorn).
-[Operations](operations/index.md): Keeping GitLab up and running (clean up Redis sessions, moving repositories, Sidekiq MemoryKiller, Unicorn).
-[Restart GitLab](restart_gitlab.md): Learn how to restart GitLab and its components.
-[Restart GitLab](restart_gitlab.md): Learn how to restart GitLab and its components.
...
@@ -107,7 +107,7 @@ Learn how to install, configure, update, and maintain your GitLab instance.
...
@@ -107,7 +107,7 @@ Learn how to install, configure, update, and maintain your GitLab instance.
-[Libravatar](libravatar.md): Use Libravatar instead of Gravatar for user avatars.
-[Libravatar](libravatar.md): Use Libravatar instead of Gravatar for user avatars.
-[Sign-up restrictions](../user/admin_area/settings/sign_up_restrictions.md): block email addresses of specific domains, or whitelist only specific domains.
-[Sign-up restrictions](../user/admin_area/settings/sign_up_restrictions.md): block email addresses of specific domains, or whitelist only specific domains.
-[Access restrictions](../user/admin_area/settings/visibility_and_access_controls.md#enabled-git-access-protocols): Define which Git access protocols can be used to talk to GitLab (SSH, HTTP, HTTPS).
-[Access restrictions](../user/admin_area/settings/visibility_and_access_controls.md#enabled-git-access-protocols): Define which Git access protocols can be used to talk to GitLab (SSH, HTTP, HTTPS).
-[Authentication and Authorization](auth/README.md): Configure external authentication with LDAP, SAML, CAS and additional providers.
-[Authentication and Authorization](auth/README.md): Configure external authentication with LDAP, SAML, CAS, and additional providers.
@@ -148,7 +148,14 @@ However, you should **not** reinstate your old data _except_ under one of the fo
...
@@ -148,7 +148,14 @@ However, you should **not** reinstate your old data _except_ under one of the fo
1. If you are certain that you changed your default admin password when you enabled Grafana
1. If you are certain that you changed your default admin password when you enabled Grafana
1. If you run GitLab in a private network, accessed only by trusted users, and your Grafana login page has not been exposed to the internet
1. If you run GitLab in a private network, accessed only by trusted users, and your Grafana login page has not been exposed to the internet
If you require access to your old Grafana data but do not meet one of these criteria, you may consider reinstating it temporarily, [exporting the dashboards](https://grafana.com/docs/reference/export_import/#exporting-a-dashboard) you need, then refreshing the data and [re-importing your dashboards](https://grafana.com/docs/reference/export_import/#importing-a-dashboard). Note that this poses a temporary vulnerability while your old Grafana data is in use, and the decision to do so should be weighed carefully with your need to access existing data and dashboards.
If you require access to your old Grafana data but do not meet one of these criteria, you may consider:
1. Reinstating it temporarily.
1.[Exporting the dashboards](https://grafana.com/docs/reference/export_import/#exporting-a-dashboard) you need.
1. Refreshing the data and [re-importing your dashboards](https://grafana.com/docs/reference/export_import/#importing-a-dashboard).
DANGER: **Danger:**
This poses a temporary vulnerability while your old Grafana data is in use and the decision to do so should be weighed carefully with your need to access existing data and dashboards.
For more information and further mitigation details, please refer to our [blog post on the security release](https://about.gitlab.com/blog/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/).
For more information and further mitigation details, please refer to our [blog post on the security release](https://about.gitlab.com/blog/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/).