update gitlab.yml.example

2017-09-12 17:43:12 +05:30 · 2017-09-12 17:43:12 +05:30 · efab522bee
commit efab522bee
parent 369acfbadf
1 changed files with 376 additions and 71 deletions
--- a/debian/conf/gitlab.yml.example
+++ b/debian/conf/gitlab.yml.example
@ -4,8 +4,8 @@
 #
 ###########################  NOTE  #####################################
 # This file should not receive new settings. All configuration options #
-# that do not require an application restart are being moved to        #
+# * are being moved to ApplicationSetting model!                       #
-# ApplicationSetting model!                                            #
+# If a setting requires an application restart say so in that screen.  #
 # If you change this file in a Merge Request, please also create       #
 # a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests  #
 ########################################################################
@ -31,7 +31,6 @@ production: &base
  ## GitLab settings
  gitlab:
    ## Web server settings (note: host is the FQDN, do not include http://)
    # Using environmental variables from /etc/gitlab/gitlab-debian.conf
    #host: localhost
    #port: 80 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
    https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
@ -41,12 +40,25 @@ production: &base
    # Otherwise, ssh host will be set to the `host:` value above
    # ssh_host: ssh.host_example.com
-    # WARNING: See config/application.rb under "Relative url support" for the list of
+    # Relative URL support
-    # other files that need to be changed for relative url support
+    # WARNING: We recommend using an FQDN to host GitLab in a root path instead
    # of using a relative URL.
    # Documentation: http://doc.gitlab.com/ce/install/relative_url.html
    # Uncomment and customize the following line to run in a non-root path
    #
    # relative_url_root: /gitlab
    # Trusted Proxies
    # Customize if you have GitLab behind a reverse proxy which is running on a different machine.
    # Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address.
    trusted_proxies:
      # Examples:
      #- 192.168.1.0/24
      #- 192.168.2.1
      #- 2001:0db8::/32
    # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
-    user: GITLAB_USER #gitlab_user (DON'T REMOVE THIS COMMENT)
+    user: git #gitlab_user (DON'T REMOVE THIS COMMENT)
    user_home: /var/lib/gitlab
    ## Date & Time settings
@ -62,33 +74,28 @@ production: &base
    # email_from: example@example.com
    # email_display_name: GitLab
    # email_reply_to: noreply@example.com
    # email_subject_suffix: ''
    # Email server smtp settings are in config/initializers/smtp_settings.rb.sample
    # default_can_create_group: false  # default: true
    # username_changing_enabled: false # default: true - User can change her username/namespace
    ## Default theme ID
    ##   1 - Graphite
    ##   2 - Charcoal
    ##   3 - Green
    ##   4 - Gray
    ##   5 - Violet
    ##   6 - Blue
    # default_theme: 2 # default: 2
    ## Automatic issue closing
    # If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
    # This happens when the commit is pushed or merged into the default branch of a project.
    # When not specified the default issue_closing_pattern as specified below will be used.
    # Tip: you can test your closing pattern at http://rubular.com.
-    # issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?) +(?:(?:issues? +)?#\d+(?:(?:, *| +and +)?))+)'
+    # issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing))(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)'
    ## Default project features settings
    default_projects_features:
      issues: true
      merge_requests: true
      wiki: true
-      snippets: false
+      snippets: true
      builds: true
      container_registry: true
    ## Webhook settings
    # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
@ -96,24 +103,114 @@ production: &base
    ## Repository downloads directory
    # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
-    # The default is 'tmp/repositories' relative to the root of the Rails app.
+    # The default is 'shared/cache/archive/' relative to the root of the Rails app.
-    # repository_downloads_path: tmp/repositories
+    # repository_downloads_path: shared/cache/archive/
  ## Reply by email
  # Allow users to comment on issues and merge requests by replying to notification emails.
-  # For documentation on how to set this up, see http://doc.gitlab.com/ce/incoming_email/README.html
+  # For documentation on how to set this up, see http://doc.gitlab.com/ce/administration/reply_by_email.html
  incoming_email:
    enabled: false
-    address: "incoming+%{key}@gitlab.example.com"
+
    # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
    # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
    address: "gitlab-incoming+%{key}@gmail.com"
    # Email account username
    # With third party providers, this is usually the full email address.
    # With self-hosted email servers, this is usually the user part of the email address.
    user: "gitlab-incoming@gmail.com"
    # Email account password
    password: "[REDACTED]"
    # IMAP server host
    host: "imap.gmail.com"
    # IMAP server port
    port: 993
    # Whether the IMAP server uses SSL
    ssl: true
    # Whether the IMAP server uses StartTLS
    start_tls: false
    # The mailbox where incoming mail will end up. Usually "inbox".
    mailbox: "inbox"
    # The IDLE command timeout.
    idle_timeout: 60
  ## Build Artifacts
  artifacts:
    enabled: true
    # The location where build artifacts are stored (default: shared/artifacts).
    # path: shared/artifacts
  ## Git LFS
  lfs:
    enabled: true
    # The location where LFS objects are stored (default: shared/lfs-objects).
    # storage_path: shared/lfs-objects
  ## GitLab Pages
  pages:
    enabled: false
    # The location where pages are stored (default: shared/pages).
    # path: shared/pages
    # The domain under which the pages are served:
    # http://group.example.com/project
    # or project path can be a group page: group.example.com
    host: example.com
    port: 80 # Set to 443 if you serve the pages with HTTPS
    https: false # Set to true if you serve the pages with HTTPS
    # external_http: ["1.1.1.1:80", "[2001::1]:80"] # If defined, enables custom domain support in GitLab Pages
    # external_https: ["1.1.1.1:443", "[2001::1]:443"] # If defined, enables custom domain and certificate support in GitLab Pages
  ## Mattermost
  ## For enabling Add to Mattermost button
  mattermost:
    enabled: false
    host: 'https://mattermost.example.com'
  ## Gravatar
  ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html
  gravatar:
-    enabled: true                 # Use user avatar image from Gravatar.com (default: true)
+    # gravatar urls: possible placeholders: %{hash} %{size} %{email} %{username}
    # gravatar urls: possible placeholders: %{hash} %{size} %{email}
    # plain_url: "http://..."     # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
    # ssl_url:   "https://..."    # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
  ## Auxiliary jobs
  # Periodically executed jobs, to self-heal Gitlab, do external synchronizations, etc.
  # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
  cron_jobs:
    # Flag stuck CI jobs as failed
    stuck_ci_jobs_worker:
      cron: "0 * * * *"
    # Execute scheduled triggers
    pipeline_schedule_worker:
      cron: "19 * * * *"
    # Remove expired build artifacts
    expire_build_artifacts_worker:
      cron: "50 * * * *"
    # Periodically run 'git fsck' on all repositories. If started more than
    # once per hour you will have concurrent 'git fsck' jobs.
    repository_check_worker:
      cron: "20 * * * *"
    # Send admin emails once a week
    admin_email_worker:
      cron: "0 0 * * 0"
    # Remove outdated repository archives
    repository_archive_cache_worker:
      cron: "0 * * * *"
  registry:
    # enabled: true
    # host: registry.example.com
    # port: 5005
    # api_url: http://localhost:5000/ # internal address to the registry, will be used by GitLab to directly communicate with API
    # key: config/registry.key
    # path: shared/registry
    # issuer: gitlab-issuer
  #
  # 2. GitLab CI settings
  # ==========================
@ -135,7 +232,8 @@ production: &base
  # ==========================
  ## LDAP settings
-  # You can inspect a sample of the LDAP users with login access by running:
+  # You can test connections and inspect a sample of the LDAP users with login
  # access by running:
  #   bundle exec rake gitlab:ldap:check RAILS_ENV=production
  ldap:
    enabled: false
@ -158,13 +256,50 @@ production: &base
        # Example: 'Paris' or 'Acme, Ltd.'
        label: 'LDAP'
        # Example: 'ldap.mydomain.com'
        host: '_your_ldap_server'
-        port: 389
+        # This port is an example, it is sometimes different but it is always an integer and not a string
-        uid: 'sAMAccountName'
+        port: 389 # usually 636 for SSL
-        method: 'plain' # "tls" or "ssl" or "plain"
+        uid: 'sAMAccountName' # This should be the attribute, not the value that maps to uid.
        # Examples: 'america\\momo' or 'CN=Gitlab Git,CN=Users,DC=mydomain,DC=com'
        bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
        password: '_the_password_of_the_bind_user'
-          
+
        # Encryption method. The "method" key is deprecated in favor of
        # "encryption".
        #
        #   Examples: "start_tls" or "simple_tls" or "plain"
        #
        #   Deprecated values: "tls" was replaced with "start_tls" and "ssl" was
        #   replaced with "simple_tls".
        #
        encryption: 'plain'
        # Enables SSL certificate verification if encryption method is
        # "start_tls" or "simple_tls". (Defaults to false for backward-
        # compatibility)
        verify_certificates: false
        # Specifies the path to a file containing a PEM-format CA certificate,
        # e.g. if you need to use an internal CA.
        #
        #   Example: '/etc/ca.pem'
        #
        ca_file: ''
        # Specifies the SSL version for OpenSSL to use, if the OpenSSL default
        # is not appropriate.
        #
        #   Example: 'TLSv1_1'
        #
        ssl_version: ''
        # Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
        # a request if the LDAP server becomes unresponsive.
        # A value of 0 means there is no timeout.
        timeout: 10
        # This setting specifies if LDAP server is Active Directory LDAP server.
        # For non AD servers it skips the AD specific queries.
        # If your LDAP server is not AD, set this to false.
@ -188,17 +323,20 @@ production: &base
        # Base where we can search for users
        #
-        #   Ex. ou=People,dc=gitlab,dc=example
+        #   Ex. 'ou=People,dc=gitlab,dc=example' or 'DC=mydomain,DC=com'
        #
        base: ''
        # Filter LDAP users
        #
-        #   Format: RFC 4515 http://tools.ietf.org/search/rfc4515
+        #   Format: RFC 4515 https://tools.ietf.org/search/rfc4515
        #   Ex. (employeeType=developer)
        #
        #   Note: GitLab does not support omniauth-ldap's custom filter syntax.
        #
        #   Example for getting only specific users:
        #   '(&(objectclass=user)(|(samaccountname=momo)(samaccountname=toto)))'
        #
        user_filter: ''
        # LDAP attributes that GitLab will use to create an account for the LDAP user.
@ -209,13 +347,13 @@ production: &base
          # The username will be used in paths for the user's own projects
          # (like `gitlab.example.com/username/project`) and when mentioning
          # them in issues, merge request and comments (like `@username`).
-          # If the attribute specified for `username` contains an email address, 
+          # If the attribute specified for `username` contains an email address,
          # the GitLab username will be the part of the email address before the '@'.
          username: ['uid', 'userid', 'sAMAccountName']
          email:    ['mail', 'email', 'userPrincipalName']
          # If no full name could be found at the attribute specified for `name`,
-          # the full name is determined using the attributes specified for 
+          # the full name is determined using the attributes specified for
          # `first_name` and `last_name`.
          name:       'cn'
          first_name: 'givenName'
@ -239,16 +377,34 @@ production: &base
    # showing GitLab's sign-in page (default: show the GitLab sign-in page)
    # auto_sign_in_with_provider: saml
    # Sync user's email address from the specified Omniauth provider every time the user logs
    # in (default: nil). And consequently make this field read-only.
    # sync_email_from_provider: cas3
    # CAUTION!
-    # This allows users to login without having a user account first (default: false).
+    # This allows users to login without having a user account first. Define the allowed providers
    # using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none.
    # User accounts will be created automatically when authentication was successful.
-    allow_single_sign_on: false
+    allow_single_sign_on: ["saml"]
    # Locks down those users until they have been cleared by the admin (default: true).
    block_auto_created_users: true
    # Look up new users in LDAP servers. If a match is found (same uid), automatically
    # link the omniauth identity with the LDAP account. (default: false)
    auto_link_ldap_user: false
    # Allow users with existing accounts to login and auto link their account via SAML
    # login, without having to do a manual login first and manually add SAML
    # (default: false)
    auto_link_saml_user: false
    # Set different Omniauth providers as external so that all users creating accounts
    # via these providers will not be able to have access to internal projects. You
    # will need to use the full name of the provider, like `google_oauth2` for Google.
    # Refer to the examples below for the full names of the supported providers.
    # (default: [])
    external_providers: []
    ## Auth providers
    # Uncomment the following lines and fill in the data of the auth provider you want to use
    # If your favorite auth provider is not listed you can use others:
@ -257,29 +413,53 @@ production: &base
    # arguments, followed by optional 'args' which can be either a hash or an array.
    # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
    providers:
-      # - { name: 'google_oauth2', 
+      # See omniauth-cas3 for more configuration details
-      #     label: 'Google',
+      # - { name: 'cas3',
-      #     app_id: 'YOUR_APP_ID', 
+      #     label: 'cas3',
-      #     app_secret: 'YOUR_APP_SECRET',
+      #     args: {
-      #     args: { access_type: 'offline', approval_prompt: '' } }
+      #             url: 'https://sso.example.com',
-      # - { name: 'twitter', 
+      #             disable_ssl_verification: false,
-      #     app_id: 'YOUR_APP_ID', 
+      #             login_url: '/cas/login',
-      #     app_secret: 'YOUR_APP_SECRET' }
+      #             service_validate_url: '/cas/p3/serviceValidate',
-      # - { name: 'github', 
+      #             logout_url: '/cas/logout'} }
-      #     label: 'GitHub',
+      # - { name: 'authentiq',
-      #     app_id: 'YOUR_APP_ID', 
+      #     # for client credentials (client ID and secret), go to https://www.authentiq.com/developers
      #     app_id: 'YOUR_CLIENT_ID',
      #     app_secret: 'YOUR_CLIENT_SECRET',
      #     args: {
      #             scope: 'aq:name email~rs address aq:push'
      #             # callback_url parameter is optional except when 'gitlab.host' in this file is set to 'localhost'
      #             # callback_url: 'YOUR_CALLBACK_URL'
      #           }
      #   }
      # - { name: 'github',
      #     app_id: 'YOUR_APP_ID',
      #     app_secret: 'YOUR_APP_SECRET',
      #     url: "https://github.com/",
      #     verify_ssl: true,
      #     args: { scope: 'user:email' } }
-      # - { name: 'gitlab', 
+      # - { name: 'bitbucket',
-      #     label: 'GitLab.com',
+      #     app_id: 'YOUR_APP_ID',
-      #     app_id: 'YOUR_APP_ID', 
+      #     app_secret: 'YOUR_APP_SECRET' }
      # - { name: 'gitlab',
      #     app_id: 'YOUR_APP_ID',
      #     app_secret: 'YOUR_APP_SECRET',
      #     args: { scope: 'api' } }
-      # - { name: 'bitbucket', 
+      # - { name: 'google_oauth2',
-      #     app_id: 'YOUR_APP_ID', 
+      #     app_id: 'YOUR_APP_ID',
      #     app_secret: 'YOUR_APP_SECRET',
      #     args: { access_type: 'offline', approval_prompt: '' } }
      # - { name: 'facebook',
      #     app_id: 'YOUR_APP_ID',
      #     app_secret: 'YOUR_APP_SECRET' }
-      # - { name: 'saml', 
+      # - { name: 'twitter',
      #     app_id: 'YOUR_APP_ID',
      #     app_secret: 'YOUR_APP_SECRET' }
      #
      # - { name: 'saml',
      #     label: 'Our SAML Provider',
      #     groups_attribute: 'Groups',
      #     external_groups: ['Contractors', 'Freelancers'],
      #     args: {
      #             assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
      #             idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
@ -287,24 +467,54 @@ production: &base
      #             issuer: 'https://gitlab.example.com',
      #             name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
      #           } }
      #
      # - { name: 'crowd',
      #     args: {
      #       crowd_server_url: 'CROWD SERVER URL',
      #       application_name: 'YOUR_APP_NAME',
      #       application_password: 'YOUR_APP_PASSWORD' } }
      #
      # - { name: 'auth0',
      #     args: {
      #       client_id: 'YOUR_AUTH0_CLIENT_ID',
      #       client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
      #       namespace: 'YOUR_AUTH0_DOMAIN' } }
    # SSO maximum session duration in seconds. Defaults to CAS default of 8 hours.
    # cas3:
    #   session_duration: 28800
  # Shared file storage settings
  shared:
    # path: /mnt/gitlab # Default: shared
  # Gitaly settings
  gitaly:
    # Default Gitaly authentication token. Can be overriden per storage. Can
    # be left blank when Gitaly is running locally on a Unix socket, which
    # is the normal way to deploy Gitaly.
    token:
  #
  # 4. Advanced settings
  # ==========================
-  # GitLab Satellites
+  ## Repositories settings
-  satellites:
+  repositories:
-    # Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
+    # Paths where repositories can be stored. Give the canonicalized absolute pathname.
-    path: /home/git/gitlab-satellites/
+    # IMPORTANT: None of the path components may be symlink, because
-    timeout: 30
+    # gitlab-shell invokes Dir.pwd inside the repository path and that results
    # real path not the symlink.
    storages: # You must have at least a `default` storage path.
      default:
        path: /var/lib/gitlab/repositories/
        gitaly_address: unix:/var/lib/gitlab/tmp/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port)
        # gitaly_token: 'special token' # Optional: override global gitaly.token for this storage.
        failure_count_threshold: 10 # number of failures before stopping attempts
        failure_wait_time: 30 # Seconds after an access failure before allowing access again
        failure_reset_time: 1800 # Time in seconds to expire failures
        storage_timeout: 5 # Time in seconds to wait before aborting a storage access attempt
  ## Backup settings
  backup:
@ -324,26 +534,35 @@ production: &base
    #   # Use multipart uploads when file size reaches 100MB, see
    #   #  http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
    #   multipart_chunk_size: 104857600
    #   # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
    #   # encryption: 'AES256'
    #   # Specifies Amazon S3 storage class to use for backups, this is optional
    #   # storage_class: 'STANDARD'
  ## GitLab Shell settings
  gitlab_shell:
    path: /usr/share/gitlab-shell/
    # REPOS_PATH MUST NOT BE A SYMLINK!!!
    repos_path: /var/lib/gitlab/repositories/
    hooks_path: /usr/share/gitlab-shell/hooks/
    # File that contains the secret key for verifying access for gitlab-shell.
    # Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
-    secret_file: /var/lib/gitlab/.gitlab_shell_secret
+    # secret_file: /var/lib/gitlab/.gitlab_shell_secret
    # Git over HTTP
    upload_pack: true
    receive_pack: true
    # Git import/fetch timeout
    # git_timeout: 800
    # If you use non-standard ssh port you need to specify it
    # ssh_port: 22
  workhorse:
    # File that contains the secret key for verifying access for gitlab-workhorse.
    # Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app).
    # secret_file: /var/lib/gitlab/.gitlab_workhorse_secret
  ## Git settings
  # CAUTION!
  # Use the default values unless you really know what you are doing
@ -356,6 +575,31 @@ production: &base
    # Git timeout to read a commit, in seconds
    timeout: 10
  ## Webpack settings
  # If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running
  # on a given port instead of serving directly from /assets/webpack. This is only indended for use
  # in development.
  webpack:
    # dev_server:
    #   enabled: true
    #   host: localhost
    #   port: 3808
  ## Monitoring
  # Built in monitoring settings
  monitoring:
    # Time between sampling of unicorn socket metrics, in seconds
    # unicorn_sampler_interval: 10
    # IP whitelist to access monitoring endpoints
    ip_whitelist:
      - 127.0.0.0/8
    # Sidekiq exporter is webserver built in to Sidekiq to expose Prometheus metrics
    sidekiq_exporter:
    #  enabled: true
    #  address: localhost
    #  port: 3807
  #
  # 5. Extra customization
  # ==========================
@ -392,6 +636,8 @@ test:
  <<: *base
  gravatar:
    enabled: true
  lfs:
    enabled: false
  gitlab:
    host: localhost
    port: 80
@ -399,25 +645,85 @@ test:
    # When you run tests we clone and setup gitlab-shell
    # In order to setup it correctly you need to specify
    # your system username you use to run GitLab
-    user: gitlab
+    # user: YOUR_USERNAME
-    email_from: example@example.com
+  pages:
-    email_display_name: GitLab
+    path: tmp/tests/pages
-    email_reply_to: noreply@example.com
+  repositories:
-  satellites:
+    storages:
-    path: tmp/tests/gitlab-satellites/
+      default:
        path: tmp/tests/repositories/
        gitaly_address: unix:tmp/tests/gitaly/gitaly.socket
        failure_count_threshold: 999999
        failure_wait_time: 0
        storage_timeout: 30
      broken:
        path: tmp/tests/non-existent-repositories
        gitaly_address: unix:tmp/tests/gitaly/gitaly.socket
  gitaly:
    enabled: true
    token: secret
  backup:
    path: tmp/tests/backups
  gitlab_shell:
-    path: /usr/share/gitlab-shell/
+    path: tmp/tests/gitlab-shell/
-    repos_path: tmp/tests/repositories/
+    hooks_path: tmp/tests/gitlab-shell/hooks/
    hooks_path: /usr/share/gitlab-shell/hooks/
    secret_file: tmp/tests/gitlab-shell/.gitlab_shell_secret
  issues_tracker:
    redmine:
      title: "Redmine"
      project_url: "http://redmine/projects/:issues_tracker_id"
      issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
      new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
    jira:
      title: "JIRA"
      url: https://sample_company.atlassian.net
      project_key: PROJECT
  omniauth:
    enabled: true
    allow_single_sign_on: true
    external_providers: []
    providers:
      - { name: 'cas3',
          label: 'cas3',
          args: { url: 'https://sso.example.com',
                  disable_ssl_verification: false,
                  login_url: '/cas/login',
                  service_validate_url: '/cas/p3/serviceValidate',
                  logout_url: '/cas/logout'} }
      - { name: 'github',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET',
          url: "https://github.com/",
          verify_ssl: false,
          args: { scope: 'user:email' } }
      - { name: 'bitbucket',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET' }
      - { name: 'gitlab',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET',
          args: { scope: 'api' } }
      - { name: 'google_oauth2',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET',
          args: { access_type: 'offline', approval_prompt: '' } }
      - { name: 'facebook',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET' }
      - { name: 'twitter',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET' }
      - { name: 'auth0',
          args: {
            client_id: 'YOUR_AUTH0_CLIENT_ID',
            client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
            namespace: 'YOUR_AUTH0_DOMAIN' } }
      - { name: 'authentiq',
          app_id: 'YOUR_CLIENT_ID',
          app_secret: 'YOUR_CLIENT_SECRET',
          args: { scope: 'aq:name email~rs address aq:push' } }
  ldap:
    enabled: false
    servers:
@ -426,12 +732,11 @@ test:
        host: 127.0.0.1
        port: 3890
        uid: 'uid'
-        method: 'plain' # "tls" or "ssl" or "plain"
+        encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
        base: 'dc=example,dc=com'
        user_filter: ''
        group_base: 'ou=groups,dc=example,dc=com'
        admin_group: ''
        sync_ssh_keys: false
 staging:
  <<: *base