Move multiple LDAP servers content and edit for CTRT

d720a95b · Evan Read · Suzanne Selhorn · 8d23befa · d720a95b · d720a95b
Commit d720a95b authored Nov 24, 2021 by Evan Read Committed by Suzanne Selhorn Nov 24, 2021
Showing with 47 additions and 52 deletions

doc/administration/auth/ldap/index.md doc/administration/auth/ldap/index.md +45 -50

doc/administration/auth/ldap/ldap-troubleshooting.md doc/administration/auth/ldap/ldap-troubleshooting.md +2 -2

No files found.
--- a/doc/administration/auth/ldap/index.md
+++ b/doc/administration/auth/ldap/index.md
@@ -222,6 +222,51 @@ These LDAP sync configuration settings are available:
 | `external_groups` | An array of CNs of groups containing users that should be considered external. Not `cn=interns` or the full DN. | **{dotted-circle}** No | `['interns', 'contractors']` |
 | `sync_ssh_keys`   | The LDAP attribute containing a user's public SSH key. | **{dotted-circle}** No | `'sshPublicKey'` or false if not set |

+### Use multiple LDAP servers **(PREMIUM SELF)**
+
+If you have users on multiple LDAP servers, you can configure GitLab to use them. To add additional LDAP servers:
+
+1. Duplicate the [`main` LDAP configuration](#configure-ldap).
+1. Edit each duplicate configuration with the details of the additional servers.
+   - For each additional server, choose a different provider ID, like `main`, `secondary`, or `tertiary`. Use lowercase
+     alphanumeric characters. GitLab uses the provider ID to associate each user with a specific LDAP server.
+   - For each entry, use a unique `label` value. These values are used for the tab names on the sign-in page.
+
+#### Example of multiple LDAP servers
+
+The following example shows how to configure three LDAP servers in `gitlab.rb`:
+
+```ruby
+gitlab_rails['ldap_enabled'] = true
+gitlab_rails['ldap_servers'] = {
+'main' => {
+  'label' => 'GitLab AD',
+  'host' =>  'ad.example.org',
+  'port' => 636,
+  ...
+  },
+
+'secondary' => {
+  'label' => 'GitLab Secondary AD',
+  'host' =>  'ad-secondary.example.net',
+  'port' => 636,
+  ...
+  },
+
+'tertiary' => {
+  'label' => 'GitLab Tertiary AD',
+  'host' =>  'ad-tertiary.example.net',
+  'port' => 636,
+  ...
+  }
+
+}
+```
+
+This example results in the following sign-in page:
+
+![Multiple LDAP servers sign in](img/multi_login.gif)
+
 ### Set up LDAP user filter

 To limit all GitLab access to a subset of the LDAP users on your LDAP server, first narrow the
@@ -452,56 +497,6 @@ If initially your LDAP configuration looked like:

 1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect.

-## Multiple LDAP servers **(PREMIUM SELF)**
-
-With GitLab, you can configure multiple LDAP servers that your GitLab instance
-connects to.
-
-To add another LDAP server:
-
-1. Duplicate the settings under [the main configuration](#configure-ldap).
-1. Edit them to match the additional LDAP server.
-
-Be sure to choose a different provider ID made of letters a-z and numbers 0-9.
-This ID is stored in the database so that GitLab can remember which LDAP
-server a user belongs to.
-
-![Multiple LDAP Servers Sign in](img/multi_login.gif)
-
-Based on the example illustrated on the image above,
-our `gitlab.rb` configuration would look like:
-
-```ruby
-gitlab_rails['ldap_enabled'] = true
-gitlab_rails['ldap_servers'] = {
-'main' => {
-  'label' => 'GitLab AD',
-  'host' =>  'ad.example.org',
-  'port' => 636,
-  ...
-  },
-
-'secondary' => {
-  'label' => 'GitLab Secondary AD',
-  'host' =>  'ad-secondary.example.net',
-  'port' => 636,
-  ...
-  },
-
-'tertiary' => {
-  'label' => 'GitLab Tertiary AD',
-  'host' =>  'ad-tertiary.example.net',
-  'port' => 636,
-  ...
-  }
-
-}
-```
-
-If you configure multiple LDAP servers, use a unique naming convention for the
-`label` section of each entry. That label is used as the display name of the tab
-shown on the sign-in page.
-
 ## Disable anonymous LDAP authentication

 GitLab doesn't support TLS client authentication. Complete these steps on your LDAP server.

--- a/doc/administration/auth/ldap/ldap-troubleshooting.md
+++ b/doc/administration/auth/ldap/ldap-troubleshooting.md
@@ -582,8 +582,8 @@ for each of these users.

 ## Expired license causes errors with multiple LDAP servers

-Using [multiple LDAP servers](index.md#multiple-ldap-servers) requires a valid license. An expired
-license can cause:
+Using [multiple LDAP servers](index.md#use-multiple-ldap-servers) requires a valid license. An expired license can
+cause:

 - `502` errors in the web interface.
 - The following error in logs (the actual strategy name depends on the name configured in `/etc/gitlab/gitlab.rb`):