add env vars for LDAP Attributes

README.md

@@ -884,6 +884,11 @@ Below is the complete list of available options that can be used to customize yo
 - **LDAP_BLOCK_AUTO_CREATED_USERS**: Locks down those users until they have been cleared by the admin. Defaults to `false`.
 - **LDAP_BASE**: Base where we can search for users. No default.
 - **LDAP_USER_FILTER**: Filter LDAP users. No default.
+- **LDAP_USER_ATTRIBUTE_USERNAME**: Attribute fields for the identification of a user. Default to `['uid', 'userid', 'sAMAccountName']`.
+- **LDAP_USER_ATTRIBUTE_MAIL**: Attribute fields for the shown mail address. Default to `['mail', 'email', 'userPrincipalName']`.
+- **LDAP_USER_ATTRIBUTE_NAME**: Attribute field for the used username of a user. Default to `cn`.
+- **LDAP_USER_ATTRIBUTE_FIRSTNAME**: Attribute field for the forename of a user. Default to `givenName`.
+- **LDAP_USER_ATTRIBUTE_LASTNAME**:  Attribute field for the surname of a user. Default to `sn`.
 - **OAUTH_ENABLED**: Enable OAuth support. Defaults to `true` if any of the support OAuth providers is configured, else defaults to `false`.
 - **OAUTH_AUTO_SIGN_IN_WITH_PROVIDER**: Automatically sign in with a specific OAuth provider without showing GitLab sign-in page. Accepted values are `cas3`, `github`, `bitbucket`, `gitlab`, `google_oauth2`, `facebook`, `twitter`, `saml`, `crowd`, `auth0` and `azure_oauth2`. No default.
 - **OAUTH_ALLOW_SSO**: Comma separated list of oauth providers for single sign-on. This allows users to login without having a user account. The account is created automatically when authentication is successful. Accepted values are `cas3`, `github`, `bitbucket`, `gitlab`, `google_oauth2`, `facebook`, `twitter`, `saml`, `crowd`, `auth0` and `azure_oauth2`. No default.

assets/runtime/config/gitlabhq/gitlab.yml

@@ -278,15 +278,15 @@ production: &base
           # them in issues, merge request and comments (like `@username`).
           # If the attribute specified for `username` contains an email address,
           # the GitLab username will be the part of the email address before the '@'.
-          username: ['uid', 'userid', 'sAMAccountName']
-          email:    ['mail', 'email', 'userPrincipalName']
+          username: {{LDAP_USER_ATTRIBUTE_USERNAME}}
+          email: {{LDAP_USER_ATTRIBUTE_MAIL}}
 
           # If no full name could be found at the attribute specified for `name`,
           # the full name is determined using the attributes specified for
           # `first_name` and `last_name`.
-          name:       'cn'
-          first_name: 'givenName'
-          last_name:  'sn'
+          name: '{{LDAP_USER_ATTRIBUTE_NAME}}'
+          first_name: '{{LDAP_USER_ATTRIBUTE_FIRSTNAME}}'
+          last_name: '{{LDAP_USER_ATTRIBUTE_LASTNAME}}'
 
       # GitLab EE only: add more LDAP servers
       # Choose an ID made of a-z and 0-9 . This ID will be stored in the database

assets/runtime/env-defaults

@@ -200,6 +200,11 @@ LDAP_ACTIVE_DIRECTORY=${LDAP_ACTIVE_DIRECTORY:-true}
 LDAP_BLOCK_AUTO_CREATED_USERS=${LDAP_BLOCK_AUTO_CREATED_USERS:-false}
 LDAP_BASE=${LDAP_BASE:-}
 LDAP_USER_FILTER=${LDAP_USER_FILTER:-}
+LDAP_USER_ATTRIBUTE_USERNAME=${LDAP_USER_ATTRIBUTE_USERNAME:-['uid', 'userid', 'sAMAccountName']}
+LDAP_USER_ATTRIBUTE_MAIL=${LDAP_USER_ATTRIBUTE_MAIL:-['mail', 'email', 'userPrincipalName']}
+LDAP_USER_ATTRIBUTE_NAME=${LDAP_USER_ATTRIBUTE_NAME:-cn}
+LDAP_USER_ATTRIBUTE_FIRSTNAME=${LDAP_USER_ATTRIBUTE_FIRSTNAME:-givenName}
+LDAP_USER_ATTRIBUTE_LASTNAME=${LDAP_USER_ATTRIBUTE_LASTNAME:-sn}
 LDAP_LABEL=${LDAP_LABEL:-LDAP}
 LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-}
 case ${LDAP_UID} in

assets/runtime/functions

@@ -419,6 +419,11 @@ gitlab_configure_ldap() {
     LDAP_BLOCK_AUTO_CREATED_USERS \
     LDAP_BASE \
     LDAP_USER_FILTER \
+    LDAP_USER_ATTRIBUTE_USERNAME \
+    LDAP_USER_ATTRIBUTE_MAIL \
+    LDAP_USER_ATTRIBUTE_NAME \
+    LDAP_USER_ATTRIBUTE_FIRSTNAME \
+    LDAP_USER_ATTRIBUTE_LASTNAME \
     LDAP_LABEL
 }