Merge branch 'custom-ldap-sync-settings' into 'master'

Add custom LDAP user and group sync settings See merge request !1636

Merge branch 'custom-ldap-sync-settings' into 'master'
Add custom LDAP user and group sync settings See merge request !1636
961d1fb1 · Achilleas Pipinellis · 7e4151c8 · d721f8df · 961d1fb1
Commit 961d1fb1 authored Apr 26, 2017 by Achilleas Pipinellis
Hide whitespace changes
Inline Side-by-side

Showing with 69 additions and 1 deletion

doc/administration/auth/ldap.md doc/administration/auth/ldap.md +69 -1

No files found.
--- a/doc/administration/auth/ldap.md
+++ b/doc/administration/auth/ldap.md
@@ -8,7 +8,7 @@ membership syncing.

 ## GitLab EE

-The information on this page is relevent for both GitLab CE and EE. For more
+The information on this page is relevant for both GitLab CE and EE. For more
 details about EE-specific LDAP features, see [LDAP EE Documentation](ldap-ee.md).

 [//]: # (Do *NOT* modify this file in EE documentation. All changes in this)
@@ -285,6 +285,74 @@ In other words, if an existing GitLab user wants to enable LDAP sign-in for
 themselves, they should check that their GitLab email address matches their
 LDAP email address, and then sign into GitLab via their LDAP credentials.

+## Adjusting LDAP user and group sync schedules
+
+You can manually configure LDAP user and group sync times by setting the
+following configuration values.
+
+>**Note:**
+These are cron formatted values. You can use a crontab generator to create
+these values, for example http://www.crontabgenerator.com/.
+
+### Adjusting LDAP user sync schedule
+
+By default, GitLab will run a worker once per day at 01:30 a.m. server time to
+check and update GitLab users against LDAP.
+
+**Omnibus installations**
+
+1. Edit `/etc/gitlab/gitlab.rb`:
+
+    ```ruby
+    gitlab_rails['ldap_sync_worker_cron'] = "* */12 * * *"
+    ```
+
+1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
+
+**Source installations**
+
+1. Edit `config/gitlab.yaml`:
+
+    ```yaml
+    cron_jobs
+      ldap_sync_worker_cron:
+        "* */12 * * *"
+    ```
+
+1. [Restart GitLab](../restart_gitlab.md#installations-from-source) for the changes to take effect.
+
+### Adjusting LDAP group sync schedule
+
+By default, GitLab will run a group sync process every hour, on the hour.
+
+>**Note**: It's recommended not to run group sync at too short intervals as this
+could lead to multiple syncs running concurrently. This is primarily a concern
+for installations with a large number of LDAP users. Please review the
+[LDAP group sync benchmark metrics](../auth/ldap-ee.md#benchmarks) to see how
+your installation compares before proceeding.
+
+**Omnibus installations**
+
+1. Edit `/etc/gitlab/gitlab.rb`:
+
+    ```ruby
+    gitlab_rails['ldap_group_sync_worker_cron'] = "*/30 * * * *"
+    ```
+
+1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
+
+**Source installations**
+
+1. Edit `config/gitlab.yaml`:
+
+    ```yaml
+    cron_jobs
+      ldap_group_sync_worker_cron:
+        "*/30 * * * *"
+    ```
+
+1. [Restart GitLab](../restart_gitlab.md#installations-from-source) for the changes to take effect.
+
 ## Limitations

 ### TLS Client Authentication