u/pc/rhodecode-enterprise-ce-fork-pc Commit - r3290:ac4e4e5a

docs: added SAML documentation....

marcink -

r3290:ac4e4e5a default

parent child

docs/auth/auth-saml-duosecurity.rst

0 created 644 +105 0

@@ -0,0 +1,105 b''
	1	.. _config-saml-duosecurity-ref:
	2
	3
	4	SAML 2.0 with Duo Security
	5	--------------------------
	6
	7	This plugin is available only in EE Edition.
	8
	9	\|RCE\| supports SAML 2.0 Authentication with Duo Security provider. This allows
	10	users to log-in to RhodeCode via SSO mechanism of external identity provider
	11	such as Duo. The login can be triggered either by the external IDP, or internally
	12	by clicking specific authentication button on the log-in page.
	13
	14
	15	Configuration steps
	16	^^^^^^^^^^^^^^^^^^^
	17
	18	To configure Duo Security SAML authentication, use the following steps:
	19
	20	1. From the \|RCE\| interface, select
	21	:menuselection:`Admin --> Authentication`
	22	2. Activate the `Duo Security` plugin and select :guilabel:`Save`
	23	3. Go to newly available menu option called `Duo Security` on the left side.
	24	4. Check the `enabled` check box in the plugin configuration section,
	25	and fill in the required SAML information and :guilabel:`Save`, for more details,
	26	see :ref:`config-saml-duosecurity`
	27
	28
	29	.. _config-saml-duosecurity:
	30
	31
	32	Example SAML Duo Security configuration
	33	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	34
	35	Example configuration for SAML 2.0 with Duo Security provider::
	36
	37	option: `enabled` => `True`
	38	# Enable or disable this authentication plugin.
	39
	40	option: `cache_ttl` => `0`
	41	# Amount of seconds to cache the authentication and permissions check response call for this plugin.
	42	# Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
	43
	44	option: `debug` => `True`
	45	# Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
	46
	47	option: `entity_id` => `http://rc-app.com/dag/saml2/idp/metadata.php`
	48	# Identity Provider entity/metadata URI.
	49	# E.g. https://duo-gateway.com/dag/saml2/idp/metadata.php
	50
	51	option: `sso_service_url` => `http://rc-app.com/dag/saml2/idp/SSOService.php?spentityid=http://rc.local.pl/_admin/auth/duosecurity/saml-metadata`
	52	# SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login
	53	# E.g. https://duo-gateway.com/dag/saml2/idp/SSOService.php?spentityid=<metadata_entity_id>
	54
	55	option: `slo_service_url` => `http://rc-app.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://rc-app.com/dag/module.php/duosecurity/logout.php`
	56	# SLO (SingleLogout) endpoint URL of the IdP.
	57	# E.g. https://duo-gateway.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://duo-gateway.com/_admin/saml/sign-out-endpoint
	58
	59	option: `x509cert` => `<CERTIFICATE_STRING>`
	60	# Identity provider public x509 certificate. It will be converted to single-line format without headers
	61
	62	option: `name_id_format` => `sha-1`
	63	# The format that specifies how the NameID is sent to the service provider.
	64
	65	option: `signature_algo` => `sha-256`
	66	# Type of Algorithm to use for verification of SAML signature on Identity provider side
	67
	68	option: `digest_algo` => `sha-256`
	69	# Type of Algorithm to use for verification of SAML digest on Identity provider side
	70
	71	option: `cert_dir` => `/etc/saml/`
	72	# Optional directory to store service provider certificate and private keys.
	73	# Expected certs for the SP should be stored in this folder as:
	74	# * sp.key Private Key
	75	# * sp.crt Public cert
	76	# * sp_new.crt Future Public cert
	77	#
	78	# Also you can use other cert to sign the metadata of the SP using the:
	79	# * metadata.key
	80	# * metadata.crt
	81
	82	option: `user_id_attribute` => `PersonImmutableID`
	83	# User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
	84	# Ensure this is returned from DuoSecurity for example via duo_username
	85
	86	option: `username_attribute` => `User.username`
	87	# Username Attribute name. This defines which attribute in SAML response will map to an username.
	88
	89	option: `email_attribute` => `User.email`
	90	# Email Attribute name. This defines which attribute in SAML response will map to an email address.
	91
	92
	93	Below is example setup from DUO Administration page that can be used with above config.
	94
	95	.. image:: ../images/saml-duosecurity-service-provider-example.png
	96	:alt: DUO Security SAML setup example
	97	:scale: 50 %
	98
	99
	100	Below is an example attribute mapping set for IDP provider required by the above config.
	101
	102
	103	.. image:: ../images/saml-duosecurity-attributes-example.png
	104	:alt: DUO Security SAML setup example
	105	:scale: 50 % No newline at end of file

docs/auth/auth-saml-generic.rst

0 created 644 +18 0

@@ -0,0 +1,18 b''
	1	.. _config-saml-generic-ref:
	2
	3
	4	SAML 2.0 Authentication
	5	-----------------------
	6
	7
	8	This plugin is available only in EE Edition.
	9
	10	RhodeCode Supports standard SAML 2.0 SSO for the web-application part.
	11
	12	Please check for reference two example providers:
	13
	14	.. toctree::
	15
	16	auth-saml-duosecurity
	17	auth-saml-onelogin
	18

docs/auth/auth-saml-onelogin.rst

0 created 644 +106 0

@@ -0,0 +1,106 b''
	1	.. _config-saml-onelogin-ref:
	2
	3
	4	SAML 2.0 with One Login
	5	-----------------------
	6
	7	This plugin is available only in EE Edition.
	8
	9	\|RCE\| supports SAML 2.0 Authentication with OneLogin provider. This allows
	10	users to log-in to RhodeCode via SSO mechanism of external identity provider
	11	such as OneLogin. The login can be triggered either by the external IDP, or internally
	12	by clicking specific authentication button on the log-in page.
	13
	14
	15	Configuration steps
	16	^^^^^^^^^^^^^^^^^^^
	17
	18	To configure OneLogin SAML authentication, use the following steps:
	19
	20	1. From the \|RCE\| interface, select
	21	:menuselection:`Admin --> Authentication`
	22	2. Activate the `OneLogin` plugin and select :guilabel:`Save`
	23	3. Go to newly available menu option called `OneLogin` on the left side.
	24	4. Check the `enabled` check box in the plugin configuration section,
	25	and fill in the required SAML information and :guilabel:`Save`, for more details,
	26	see :ref:`config-saml-onelogin`
	27
	28
	29	.. _config-saml-onelogin:
	30
	31
	32	Example SAML OneLogin configuration
	33	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	34
	35	Example configuration for SAML 2.0 with OneLogin provider::
	36
	37	option: `enabled` => `True`
	38	# Enable or disable this authentication plugin.
	39
	40	option: `cache_ttl` => `0`
	41	# Amount of seconds to cache the authentication and permissions check response call for this plugin.
	42	# Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
	43
	44	option: `debug` => `True`
	45	# Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
	46
	47	option: `entity_id` => `https://app.onelogin.com/saml/metadata/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
	48	# Identity Provider entity/metadata URI.
	49	# E.g. https://app.onelogin.com/saml/metadata/<onelogin_connector_id>
	50
	51	option: `sso_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-post/sso/xxxxxx`
	52	# SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login
	53	# E.g. https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin_connector_id>
	54
	55	option: `slo_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-redirect/slo/xxxxxx`
	56	# SLO (SingleLogout) endpoint URL of the IdP.
	57	# E.g. https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>
	58
	59	option: `x509cert` => `<CERTIFICATE_STRING>`
	60	# Identity provider public x509 certificate. It will be converted to single-line format without headers
	61
	62	option: `name_id_format` => `sha-1`
	63	# The format that specifies how the NameID is sent to the service provider.
	64
	65	option: `signature_algo` => `sha-256`
	66	# Type of Algorithm to use for verification of SAML signature on Identity provider side
	67
	68	option: `digest_algo` => `sha-256`
	69	# Type of Algorithm to use for verification of SAML digest on Identity provider side
	70
	71	option: `cert_dir` => `/etc/saml/`
	72	# Optional directory to store service provider certificate and private keys.
	73	# Expected certs for the SP should be stored in this folder as:
	74	# * sp.key Private Key
	75	# * sp.crt Public cert
	76	# * sp_new.crt Future Public cert
	77	#
	78	# Also you can use other cert to sign the metadata of the SP using the:
	79	# * metadata.key
	80	# * metadata.crt
	81
	82	option: `user_id_attribute` => `PersonImmutableID`
	83	# User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
	84	# Ensure this is returned from OneLogin for example via Internal ID
	85
	86	option: `username_attribute` => `User.username`
	87	# Username Attribute name. This defines which attribute in SAML response will map to an username.
	88
	89	option: `email_attribute` => `User.email`
	90	# Email Attribute name. This defines which attribute in SAML response will map to an email address.
	91
	92
	93
	94	Below is example setup that can be used with OneLogin SAML authentication that can be used with above config..
	95
	96	.. image:: ../images/saml-onelogin-config-example.png
	97	:alt: OneLogin SAML setup example
	98	:scale: 50 %
	99
	100
	101	Below is an example attribute mapping set for IDP provider required by the above config.
	102
	103
	104	.. image:: ../images/saml-onelogin-attributes-example.png
	105	:alt: OneLogin SAML setup example
	106	:scale: 50 % No newline at end of file

docs/images/saml-duosecurity-attributes-example.png

0 created 644 binary 0 0

NO CONTENT: new file 100644, binary diff hidden

docs/images/saml-duosecurity-service-provider-example.png

0 created 644 binary 0 0

NO CONTENT: new file 100644, binary diff hidden

docs/images/saml-onelogin-attributes-example.png

0 created 644 binary 0 0

NO CONTENT: new file 100644, binary diff hidden

docs/images/saml-onelogin-config-example.png

0 created 644 binary 0 0

NO CONTENT: new file 100644, binary diff hidden

docs/admin/adding-anonymous-user.rst

0 +4 -4

             Anonymous Users
             ---------------
-            By default, |RCM| provides |repo| access for registered users only. It can be
+            By default, |RCE| provides |repo| access for registered users only. It can be
             configured to be **world-open** in terms of read and write permissions. This
-            configuration is called "Anonymous Access" and allows |RCM| to be used as a
+            configuration is called "Anonymous Access" and allows |RCE| to be used as a
             public hub where unregistered users have access to your |repos|.
             Anonymous access is useful for open source projects, universities,
             or if running inside a restricted internal corporate network to serve
             documents to all employees. Anonymous users get the default user permission
-            settings that are applied across the whole |RCM| system.
+            settings that are applied across the whole |RCE| system.
             To enable anonymous access to your |repos|, use the following steps:
-. From the |RCM| interface, select :menuselection:`Admin --> Permissions`.
+. From the |RCE| interface, select :menuselection:`Admin --> Permissions`.
 . On the Application tab, check the :guilabel:`Allow anonymous access` box.
 . Select :guilabel:`Save`.
 . To set the anonymous user access permissions, which are based on the

docs/admin/admin-tricks.rst

0 +1 -1

                ``pretxnchangegroup.example`` with value ``python:/path/to/custom_hook.py:my_func_name``
 . Select :guilabel:`Save`
-            Also, see the |RC| Extensions section of the :ref:`rc-tools` guide. |RC|
+            Also, see the RhodeCode Extensions section of the :ref:`rc-tools` guide. RhodeCode
             Extensions can be used to add additional hooks to your instance and comes
             with a number of pre-built plugins if you chose to install them.

docs/admin/apache-wsgi-coding.rst

0 +2 -2

             Apache WSGI Configuration
             ^^^^^^^^^^^^^^^^^^^^^^^^^
-            |RCM| can also be set up with Apache under ``mod_wsgi``. To configure this
+            |RCE| can also be set up with Apache under ``mod_wsgi``. To configure this
             use the following steps.
 . Install ``mod_wsgi`` using the following command:
             .. note::
                When using `mod_wsgi` the same version of |hg| must be running in your
-               system's |PY| environment and on |RCM|. To check the |RCM| version,
+               system's |PY| environment and on |RCE|. To check the |RCE| version,
                on the interface go to
                :menuselection:`Admin --> Settings --> System Info`

docs/admin/config-files-overview.rst

0 +1 -1

                     Default location: :file:`/home/{user}/.rccontrol/cache/MANIFEST`
                     |RCC| uses this file to source the latest available builds from the
-                    secure |RC| download channels. The only reason to mess with this file
+                    secure RhodeCode download channels. The only reason to mess with this file
                     is if you need to do an offline installation,
                     see the :ref:`Offline Installation<control:offline-installer-ref>`
                     instructions, otherwise |RCC| will completely manage this file.

docs/admin/glossary.rst

0 +1 -1

                     Adding more machines or workers into your pool of resources.
                 Instance
-                    A single installed version of one of the |RC| products. It could
+                    A single installed version of one of the RhodeCode products. It could
                     refer to |RCE| or the VCS server depending on the context.
                 Plugin

docs/admin/indexing.rst

0 +3 -3

             Full-text Search
             ----------------
-            By default |RC| is configured to use `Whoosh`_ to index |repos| and
+            By default RhodeCode is configured to use `Whoosh`_ to index |repos| and
             provide full-text search.
             |RCE| also provides support for `Elasticsearch`_ as a backend for scalable
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
             |RCT| uses the :file:`/home/{user}/.rhoderc` file for connection details
-            to |RCM| instances. If this file is not automatically created,
+            to |RCE| instances. If this file is not automatically created,
             you can configure it using the following example. You need to configure the
             details for each instance you want to index.
                  - VERSION: 1.5.0
                  - URL: http://127.0.0.1:10000
-            To get your API Token, on the |RCM| interface go to
+            To get your API Token, on the |RCE| interface go to
             :menuselection:`username --> My Account --> Auth tokens`
             .. code-block:: ini

docs/admin/public-access.rst

0 +1 -1

             Public Access
             -------------
-            By default |RCM| allows users to read all **public** |repos|. User
+            By default |RCE| allows users to read all **public** |repos|. User
             permissions and |repo| access can be configured explicitly,
             and those permissions will override any default settings. The default
             settings can be found under the following section:

docs/admin/setting-default-permissions.rst

0 +5 -5

             Setting Default Permissions
             ---------------------------
-            Default permissions allow you to configure |RCM| so that when a new |repo|, user group,
+            Default permissions allow you to configure |RCE| so that when a new |repo|, user group,
             or user is created their permissions are already defined. To set default permissions you need administrator
             privileges. See the following sections for setting up your permissions system:
             To set default user permissions, use the following steps.
-. From the |RCM| interface, select :menuselection:`Admin --> Permissions`
+. From the |RCE| interface, select :menuselection:`Admin --> Permissions`
 . Select the :guilabel:`Global` tab from the left-hand menu. The permissions
                set on this screen apply to users and user-groups across the whole instance.
 . Save your changes
             To set default user group permissions, use the following steps.
-. From the |RCM| interface, select :menuselection:`Admin --> User groups`
+. From the |RCE| interface, select :menuselection:`Admin --> User groups`
 . Select :guilabel:`Permissions`, and configure the default user
                permissions. All users will get these permissions unless
                individually set.
             To set default |repo| permissions, use the following steps.
-. From the |RCM| interface, select :menuselection:`Admin --> Permissions`
+. From the |RCE| interface, select :menuselection:`Admin --> Permissions`
 . Select the :guilabel:`Object` tab from the left-hand menu and set the
                |perm| permissions
 . Save your changes
             To set default Repository Group permissions, use the following steps.
-. From the |RCM| interface, select :menuselection:`Admin --> Repository Groups`
+. From the |RCE| interface, select :menuselection:`Admin --> Repository Groups`
 . Select :guilabel:`Edit` beside the |repo| group you wish to configure
 . On the left-hand pane select :guilabel:`Permissions`
 . Set the default permissions for all |repos| created in this group

docs/admin/setting-repo-perms.rst

0 +2 -2

             Repository Administration
             =========================
-            Repository permissions in |RCM| can be managed in a number of different ways.
+            Repository permissions in |RCE| can be managed in a number of different ways.
             This overview should give you an insight into how you could adopt particular
             settings for your needs:
             * Global |repo| permissions: This allows you to set the default permissions
-              for each new |repo| created within |RCM|, see :ref:`repo-default-ref`. All
+              for each new |repo| created within |RCE|, see :ref:`repo-default-ref`. All
               |repos| created will inherit these permissions unless explicitly configured.
             * Individual |repo| permissions: To set individual |repo| permissions,
               see :ref:`set-repo-perms`.

docs/admin/system-overview.rst

0 +3 -3

             System Requirements
             -------------------
-            |RCM| performs best on machines with ultra-fast hard disks. Generally disk
+            |RCE| performs best on machines with ultra-fast hard disks. Generally disk
             performance is more important than CPU performance. In a corporate production
             environment handling 1000s of users and |repos| you should deploy on a 12+
             core 64GB RAM server. In short, the more RAM the better.
             For example:
              - for team of 1 - 5 active users you can run on 1GB RAM machine with 1CPU
-             - above 250 active users, |RCM| needs at least 8GB of memory.
+             - above 250 active users, |RCE| needs at least 8GB of memory.
                Number of CPUs is less important, but recommended to have at least 2-3 CPUs
             * HTTPS
             * SSH
-            * |RCM| API
+            * |RCE| API
             Internationalization Support
             ----------------------------

docs/admin/user-admin.rst

0 +1 -1

             User Administration
             ===================
-            |RCM| enables you to define permissions for the following entities within the
+            |RCE| enables you to define permissions for the following entities within the
             system; **users**, **user groups**, **repositories**, **repository groups**.
             Within each one of these entities you can set default settings,

docs/admin/vcs-server.rst

0 +6 -6

             VCS Server Management
             ---------------------
-            The VCS Server handles |RCM| backend functionality. You need to configure
+            The VCS Server handles |RCE| backend functionality. You need to configure
-            a VCS Server to run with a |RCM| instance. If you do not, you will be missing
+            a VCS Server to run with a |RCE| instance. If you do not, you will be missing
-            the connection between |RCM| and its |repos|. This will cause error messages
+            the connection between |RCE| and its |repos|. This will cause error messages
             on the web interface. You can run your setup in the following configurations,
             currently the best performance is one of following:
-            * One VCS Server per |RCM| instance.
+            * One VCS Server per |RCE| instance.
             * One VCS Server handling multiple instances.
             .. important::
             |RCE| VCS Server Options
             ^^^^^^^^^^^^^^^^^^^^^^^^
-            The following list shows the available options on the |RCM| side of the
+            The following list shows the available options on the |RCE| side of the
             connection to the VCS Server. The settings are configured per
             instance in the
             :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
                 \vcs.server <host:port>
                     Set the host, either hostname or IP Address, and port of the VCS server
-                    you wish to run with your |RCM| instance.
+                    you wish to run with your |RCE| instance.
             .. code-block:: ini

docs/api/api.rst

0 +4 -4

             decorated with a `@LoginRequired` decorator. To enable API access, change
             the standard login decorator to `@LoginRequired(api_access=True)`.
-            From |RCM| version 1.7.0 you can configure a white list
+            From |RCE| version 1.7.0 you can configure a white list
             of views that have API access enabled by default. To enable these,
-            edit the |RCM| configuration ``.ini`` file. The default location is:
+            edit the |RCE| configuration ``.ini`` file. The default location is:
-            * |RCM| Pre-2.2.7 :file:`root/rhodecode/data/production.ini`
+            * |RCE| Pre-2.2.7 :file:`root/rhodecode/data/production.ini`
-            * |RCM| 3.0 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
+            * |RCE| 3.0 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
             To configure the white list, edit this section of the file. In this
             configuration example, API access is granted to the patch/diff raw file and

docs/auth/auth-crowd.rst

0 +2 -2

             To enable Crowd authentication, use the following steps:
-. From the |RCM| interface, go to :menuselection:`Admin --> Authentication`
+. From the |RCE| interface, go to :menuselection:`Admin --> Authentication`
-. Enable the ``rhodecode.lib.auth_modules.auth_crowd`` library and select
+. Activate the ``rhodecode.lib.auth_modules.auth_crowd`` library and select
                :guilabel:`Save`
 . On the Crowd plugin settings section, do the following:

docs/auth/auth-ldap-groups.rst

0 +108 -60

@@ -3,25 +3,24 b''
3	LDAP/AD With User Groups Sync	3	LDAP/AD With User Groups Sync
4	-----------------------------	4	-----------------------------
5		5
6	\|RCM\| supports LDAP (Lightweight Directory Access Protocol) or	6	This plugin is available only in EE Edition.
		7
		8	\|RCE\| supports LDAP (Lightweight Directory Access Protocol) or
7	AD (active Directory) authentication.	9	AD (active Directory) authentication.
8	All LDAP versions are supported, with the following \|RCM\| plugins managing each:	10	All LDAP versions are currently supported.
9
10	* For LDAP/AD with user group sync use ``LDAP + User Groups (egg:rhodecode-enterprise-ee#ldap_group)``
11		11
12	RhodeCode reads all data defined from plugin and creates corresponding	12	RhodeCode reads all data defined from plugin and creates corresponding
13	accounts on local database after receiving data from LDAP. This is done on	13	accounts on local database after receiving data from LDAP. This is done on
14	every user log-in including operations like pushing/pulling/checkout.	14	every user log-in including operations like pushing/pulling/checkout.
15	In addition group membership is read from LDAP and following operations are done:	15	In addition group membership is read from LDAP and following operations are done:
16		16
17	- automatic addition of user to \|RCM\| user group	17	- automatic addition of user to \|RCE\| user group
18	- automatic removal of user from any other \|RCM\| user groups not specified in LDAP.	18	- automatic removal of user from any other \|RCE\| user groups not specified in LDAP.
19	The removal is done only on groups that are marked to be synced from ldap.	19	The removal is done only on groups that are marked to be synced from ldap.
20	This setting can be changed in advanced settings on user groups	20	This setting can be changed in advanced settings on user groups
21	- automatic creation of user groups if they aren't yet existing in \|RCM\|	21	- automatic creation of user groups if they aren't yet existing in \|RCE\|
22	- marking user as super-admins if he is a member of any admin group defined in plugin settings	22	- marking user as super-admins if he is a member of any admin group defined in plugin settings
23		23
24	This plugin is available only in EE Edition.
25		24
26	.. important::	25	.. important::
27		26
@@ -39,11 +38,12 b' LDAP Configuration Steps'
39		38
40	To configure \|LDAP\|, use the following steps:	39	To configure \|LDAP\|, use the following steps:
41		40
42	1. From the \|RCM\| interface, select	41	1. From the \|RCE\| interface, select
43	:menuselection:`Admin --> Authentication`	42	:menuselection:`Admin --> Authentication`
44	2. ~~Enable the ldap+ groups~~ plugin and select :guilabel:`Save`	43	2. Activate the `LDAP + User Groups` plugin and select :guilabel:`Save`
45	3. Select the :guilabel:`Enabled` check box in the plugin configuration section	44	3. Go to newly available menu option called `LDAP + User Groups` on the left side.
46	4. Add the required LDAP information and :guilabel:`Save`, for more details,	45	4. Check the `enabled` check box in the plugin configuration section,
		46	and fill in the required LDAP information and :guilabel:`Save`, for more details,
47	see :ref:`config-ldap-groups-examples`	47	see :ref:`config-ldap-groups-examples`
48		48
49	For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:	49	For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:
@@ -52,59 +52,107 b' For a more detailed description of LDAP '
52		52
53	Example LDAP configuration	53	Example LDAP configuration
54	^^^^^^^^^^^^^^^^^^^^^^^^^^	54	^^^^^^^^^^^^^^^^^^^^^^^^^^
55	.. code-block:: bash	55
		56	Below is example setup that can be used with Active Directory and LDAP server with groups sync::
		57
		58	option: `enabled` => `True`
		59	# Enable or disable this authentication plugin.
		60
		61	option: `cache_ttl` => `360`
		62	# Amount of seconds to cache the authentication and permissions check response call for this plugin.
		63	# Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
		64
		65	option: `host` => `192.168.245.143,192.168.1.240`
		66	# Host[s] of the LDAP Server
		67	# (e.g., 192.168.2.154, or ldap-server.domain.com.
		68	# Multiple servers can be specified using commas
		69
		70	option: `port` => `389`
		71	# Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL)
		72
		73	option: `timeout` => `300`
		74	# Timeout for LDAP connection
		75
		76	option: `dn_user` => `Administrator@rhodecode.com`
		77	# Optional user DN/account to connect to LDAP if authentication is required.
		78	# e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com
		79
		80	option: `dn_pass` => `SomeSecret`
		81	# Password to authenticate for given user DN.
		82
		83	option: `tls_kind` => `PLAIN`
		84	# TLS Type
		85
		86	option: `tls_reqcert` => `NEVER`
		87	# Require Cert over TLS?. Self-signed and custom certificates can be used when
		88	# `RhodeCode Certificate` found in admin > settings > system info page is extended.
		89
		90	option: `tls_cert_file` => ``
		91	# This specifies the PEM-format file path containing certificates for use in TLS connection.
		92	# If not specified `TLS Cert dir` will be used
		93
		94	option: `tls_cert_dir` => `/etc/openldap/cacerts`
		95	# This specifies the path of a directory that contains individual CA certificates in separate files.
		96
		97	option: `base_dn` => `dc=rhodecode,dc=com`
		98	# Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials
		99	# (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)
		100
		101	option: `user_search_base` => `ou=RC-Users`
		102	# User search base will extend the Base DN
		103	# (e.g., ou=Users will result in ou=Users,dc=mydomain,dc=com root DN)
56		104
57	# Auth Cache TTL, Defines the caching for authentication to offload LDAP server.	105	option: `user_search_filter` => ``
58	# This means that cache result will be saved for 3600 before contacting LDAP server to verify the user access	106	# Filter to narrow results
59	3600	107	# (e.g., (&(objectCategory=Person)(objectClass=user)), or
60	# Host, comma seperated format is optionally possible to specify more than 1 server	108	# (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))
61	https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/	109
62	# Default LDAP Port, use 689 for LDAPS	110	option: `search_scope` => `SUBTREE`
63	389	111	# How deep to search LDAP. If unsure set to SUBTREE
64	# Account, used for SimpleBind if LDAP server requires an authentication	112
65	e.g admin@server.com	113	option: `attr_login` => `sAMAccountName`
66	# Password used for simple bind	114	# LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)
67	ldap-user-password	115
68	# LDAP connection security	116	option: `attr_email` => `mail`
69	LDAPS	117	# LDAP Attribute to map to email address (e.g., mail).
70	# Certificate checks level	118	# Emails are a crucial part of RhodeCode.
71	DEMAND	119	# If possible add a valid email attribute to ldap users.
72	# Base DN	120
73	cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com	121	option: `attr_firstname` => `givenName`
74	# User Search Base	122	# LDAP Attribute to map to first name (e.g., givenName)
75	ou=groups,ou=users	123
76	# LDAP search filter to narrow the results	124	option: `attr_lastname` => `sn`
77	(objectClass=person)	125	# LDAP Attribute to map to last name (e.g., sn)
78	# LDAP search scope	126
79	SUBTREE	127	option: `group_extraction_type` => `rfc2307bis`
80	# Login attribute	128	# With rfc2307, group members are listed by name in the memberUid attribute
81	sAMAccountName	129	# With rfc2307bis (Microsoft AD compatible) group members are listed by DN and stored in the member attribute
82	# First Name Attribute to read
83	givenName
84	# Last Name Attribute to read
85	sn
86	# Email Attribute to read email address from
87	mail
88	# group extraction method
89	rfc2307bis
90	# Group search base
91	ou=RC-Groups
92	# Group Name Attribute, field to read the group name from
93	sAMAAccountName
94	# User Member of Attribute, field in which groups are stored
95	memberOf
96	# LDAP Group Search Filter, allows narrowing the results
97		130
98	# Admin Groups. Comma separated list of groups. If user is member of	131	option: `group_search_base` => `ou=RC-Groups`
99	# any of those he will be marked as super-admin in RhodeCode	132	# Group search base will extend the Base DN (e.g. ou=Groups will result in ou=Groups,dc=mydomain,dc=com)
100	admins, management
101		133
		134	option: `group_name_attr` => `sAMAccountName`
		135	# LDAP Attribute to map to group name (e.g., cn, or sAMAccountName)
		136
		137	option: `user_member_of` => `memberOf`
		138	# Users Attribute used to fetch the group membership.
		139	# Use if users have stored group membership inside their attributes
		140	# (e.g., memberOf, or userMemberOf)
102		141
103	Below is example setup that can be used with Active Directory and ldap groups.	142	option: `group_search_filter` => ``
		143	# Filter to narrow results (e.g., (&(objectCategory=Group)(objectClass=group)), etc)
		144
		145	option: `group_member_of` => `memberOf`
		146	# LDAP Attribute used to resolve the parent group (e.g., memberOf)
104		147
105	.. image:: ../images/ldap-groups-example.png	148	option: `admin_groups` => `Admins,Management`
106	:alt: LDAP/AD setup example	149	# A comma separated list of group names that identify users as RhodeCode Administrators (e.g., admins)
107	:scale: 50 %	150
		151	option: `admin_groups_sync` => `full`
		152	# Way to sync Admin groups.
		153	# Full means admin flag is set to on or off according to membership in administrator group defined above.
		154	# On-only means the flag is only set to on, and not turned off once user is no longer a member
		155
108		156
109	.. toctree::	157	.. toctree::
110		158

docs/auth/auth-ldap.rst

0 +70 -42

@@ -3,11 +3,9 b''
3	LDAP/AD	3	LDAP/AD
4	-------	4	-------
5		5
6	\|RCM\| supports LDAP (Lightweight Directory Access Protocol) or	6	\|RCE\| supports LDAP (Lightweight Directory Access Protocol) or
7	AD (active Directory) authentication.	7	AD (active Directory) authentication.
8	All LDAP versions are supported, with the following \|RCM\| plugins managing each:	8	All LDAP versions are currently supported.
9
10	* For LDAP or Active Directory use ``LDAP (egg:rhodecode-enterprise-ce#ldap)``
11		9
12	RhodeCode reads all data defined from plugin and creates corresponding	10	RhodeCode reads all data defined from plugin and creates corresponding
13	accounts on local database after receiving data from LDAP. This is done on	11	accounts on local database after receiving data from LDAP. This is done on
@@ -30,11 +28,12 b' LDAP Configuration Steps'
30		28
31	To configure \|LDAP\|, use the following steps:	29	To configure \|LDAP\|, use the following steps:
32		30
33	1. From the \|RCM\| interface, select	31	1. From the \|RCE\| interface, select
34	:menuselection:`Admin --> Authentication`	32	:menuselection:`Admin --> Authentication`
35	2. ~~Enable the ldap~~ plugin and select :guilabel:`Save`	33	2. Activate the `LDAP` plugin and select :guilabel:`Save`
36	3. Select the :guilabel:`Enabled` check box in the plugin configuration section	34	3. Go to newly available menu option called `LDAP` on the left side.
37	4. Add the required LDAP information and :guilabel:`Save`, for more details,	35	4. Check the `enabled` check box in the plugin configuration section,
		36	and fill in the required LDAP information and :guilabel:`Save`, for more details,
38	see :ref:`config-ldap-examples`	37	see :ref:`config-ldap-examples`
39		38
40	For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:	39	For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:
@@ -43,44 +42,73 b' For a more detailed description of LDAP '
43		42
44	Example LDAP configuration	43	Example LDAP configuration
45	^^^^^^^^^^^^^^^^^^^^^^^^^^	44	^^^^^^^^^^^^^^^^^^^^^^^^^^
46	.. code-block:: bash	45
		46	Below is example setup that can be used with Active Directory/LDAP server::
		47
		48	option: `enabled` => `True`
		49	# Enable or disable this authentication plugin.
		50
		51	option: `cache_ttl` => `360`
		52	# Amount of seconds to cache the authentication and permissions check response call for this plugin.
		53	# Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
		54
		55	option: `host` => `192.168.245.143,192.168.1.240`
		56	# Host[s] of the LDAP Server
		57	# (e.g., 192.168.2.154, or ldap-server.domain.com.
		58	# Multiple servers can be specified using commas
		59
		60	option: `port` => `389`
		61	# Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL)
		62
		63	option: `timeout` => `300`
		64	# Timeout for LDAP connection
		65
		66	option: `dn_user` => `Administrator@rhodecode.com`
		67	# Optional user DN/account to connect to LDAP if authentication is required.
		68	# e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com
		69
		70	option: `dn_pass` => `SomeSecret`
		71	# Password to authenticate for given user DN.
		72
		73	option: `tls_kind` => `PLAIN`
		74	# TLS Type
47		75
48	# Auth Cache TTL, Defines the caching for authentication to offload LDAP server.	76	option: `tls_reqcert` => `NEVER`
49	# This means that cache result will be saved for 3600 before contacting LDAP server to verify the user access	77	# Require Cert over TLS?. Self-signed and custom certificates can be used when
50	3600	78	# `RhodeCode Certificate` found in admin > settings > system info page is extended.
51	# Host, comma seperated format is optionally possible to specify more than 1 server	79
52	https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/	80	option: `tls_cert_file` => ``
53	# Default LDAP Port, use 689 for LDAPS	81	# This specifies the PEM-format file path containing certificates for use in TLS connection.
54	389	82	# If not specified `TLS Cert dir` will be used
55	# Account, used for SimpleBind if LDAP server requires an authentication	83
56	e.g admin@server.com	84	option: `tls_cert_dir` => `/etc/openldap/cacerts`
57	# Password used for simple bind	85	# This specifies the path of a directory that contains individual CA certificates in separate files.
58	ldap-user-password	86
59	# LDAP connection security	87	option: `base_dn` => `cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com`
60	LDAPS	88	# Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials
61	# Certificate checks level	89	# (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)
62	DEMAND
63	# Base DN
64	cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com
65	# LDAP search filter to narrow the results
66	(objectClass=person)
67	# LDAP search scope
68	SUBTREE
69	# Login attribute
70	sAMAccountName
71	# First Name Attribute to read
72	givenName
73	# Last Name Attribute to read
74	sn
75	# Email Attribute to read email address from
76	mail
77		90
		91	option: `filter` => `(objectClass=person)`
		92	# Filter to narrow results
		93	# (e.g., (&(objectCategory=Person)(objectClass=user)), or
		94	# (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))
78		95
79	Below is example setup that can be used with Active Directory/LDAP server.	96	option: `search_scope` => `SUBTREE`
		97	# How deep to search LDAP. If unsure set to SUBTREE
		98
		99	option: `attr_login` => `sAMAccountName`
		100	# LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)
80		101
81	.. image:: ../images/ldap-example.png	102	option: `attr_email` => `mail`
82	:alt: LDAP/AD setup example	103	# LDAP Attribute to map to email address (e.g., mail).
83	:scale: 50 %	104	# Emails are a crucial part of RhodeCode.
		105	# If possible add a valid email attribute to ldap users.
		106
		107	option: `attr_firstname` => `givenName`
		108	# LDAP Attribute to map to first name (e.g., givenName)
		109
		110	option: `attr_lastname` => `sn`
		111	# LDAP Attribute to map to last name (e.g., sn)
84		112
85		113
86	.. toctree::	114	.. toctree::

docs/auth/auth-pam.rst

0 +2 -2

             To enable PAM authentication, use the following steps:
-. From the |RCM| interface, go to :menuselection:`Admin --> Authentication`
+. From the |RCE| interface, go to :menuselection:`Admin --> Authentication`
-. Enable the ``rhodecode.lib.auth_modules.auth_pam`` library and select save
+. Activate the ``rhodecode.lib.auth_modules.auth_pam`` library and select save
 . On the PAM plugin settings section, do the following:
                * Check the :guilabel:`Enable` checkbox

docs/auth/auth-token.rst

0 +17 -13

             Authentication Tokens
             ---------------------
-            |RCE| has 4 different kinds of authentication tokens.
+            |RCE| has 4 different kinds of authentication tokens. `API token`, `Feed tokens` work
+            without a need to enable any additional authentication. `VCS tokens` require dedicated
+            authentication plugin to be activated. `Web Interface tokens` are controlled by the
+            white_list configuration.
             * *API tokens*: API tokens can only be used to execute |RCE| API operations.
               You can store your API token and assign it to each instance in
               example in :ref:`indexing-ref` section for more details.
             * *Feed tokens*: The feed token can only be used to access the RSS feed.
-               Usually those are safe to store inside your RSS feed reader.
+              Usually those are safe to store inside your RSS feed reader.
-            * *VCS tokens*: You can use these to authenticate with |git|, |hg| and |svn|
-              operations instead of a password. They are designed to be used with
-              CI Servers or other third party tools that require |repo| access.
-              They are also a good replacement for SSH based access.
-              To use these tokens you need be enabled special authentication method on
-              |RCE|, as they are disabled by default.
-              See :ref:`enable-vcs-tokens`.
             * *Web Interface tokens*: These token allows users to access the web
               interface of |RCE| without logging in.
                https://rhodecode.com/repo/archive/tip.zip?auth_token=<web-api-token>
                # To show commit diff without logging into Web UI
-               https://rhodecode.com/repo/changeset-diff/<sha>?auth_token=<web-api-token>
+               https://rhodecode.com/repo/raw-diff/<sha>?auth_token=<web-api-token>
+            * *VCS tokens*: You can use these to authenticate with |git|, |hg| and |svn|
+              operations instead of a password. They are designed to be used with
+              CI Servers or other third party tools that require |repo| access.
+              They are also a good replacement for SSH based access.
+              To use these tokens you need be enabled special authentication method on
+              |RCE|, as they are disabled by default.
+              See :ref:`enable-vcs-tokens`.
             .. _enable-vcs-tokens:
             To enable VCS Tokens, use the following steps:
 . Go to :menuselection:`Admin --> Authentication`.
-. Enable the ``rhodecode.lib.auth_modules.auth_token`` plugin.
+. Activate the ``rhodecode.lib.auth_modules.auth_token`` plugin.
 . Click :guilabel:`Save`.
             Authentication Token Tips
             To create authentication tokens for an user, use the following steps:
-. From the |RCM| interface go to
+. From the |RCE| interface go to
                :menuselection:`Username --> My Account --> Auth tokens`.
 . Label and Add the tokens you wish to use with |RCE|.

docs/auth/auth.rst

0 +11 -9

             ======================
             |RCE| provides a built in authentication against its own database. This is
-            implemented using ``rhodecode.lib.auth_rhodecode`` plugin. This plugin is
+            implemented using ``RhodeCode Internal`` plugin. This plugin is enabled by default.
-            enabled by default.
             Additionally, |RCE| provides a Pluggable Authentication System. This gives the
             administrator greater control over how users authenticate with the system.
             .. important::
-              You can disable the built in |RCM| authentication plugin
+              You can disable the built in |RCE| authentication plugin
-              ``rhodecode.lib.auth_rhodecode`` and force all authentication to go
+              ``RhodeCode Internal`` and force all authentication to go
               through your authentication plugin of choice e.g LDAP only.
               However, if you do this, and your external authentication tools fails,
-              you will be unable to access |RCM|.
+              accessing |RCE| will be blocked unless a fallback plugin is
+              enabled via :file: rhodecode.ini
-            |RCM| comes with the following user authentication management plugins:
+            |RCE| comes with the following user authentication management plugins:
             .. toctree::
+                auth-token
                 auth-ldap
                 auth-ldap-groups
+                auth-saml-generic
+                auth-saml-onelogin
+                auth-saml-duosecurity
                 auth-crowd
                 auth-pam
-                auth-token
                 ssh-connection

docs/auth/ldap-active-directory.rst

0 +65 -19

@@ -3,27 +3,73 b''
3	Active Directory	3	Active Directory
4	----------------	4	----------------
5		5
6	\|RCM\| can use Microsoft Active Directory for user authentication. This is	6	\|RCE\| can use Microsoft Active Directory for user authentication. This is
7	done through an LDAP or LDAPS connection to Active Directory. Use the	7	done through an LDAP or LDAPS connection to Active Directory. Use the
8	following example LDAP configuration setting to set your Active Directory	8	following example LDAP configuration setting to set your Active Directory
9	authentication.	9	authentication::
10
11	.. code-block:: ini
12
13	# Set the Base DN
14	Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
15	# Set the Active Directory SAM-Account-Name
16	Login Attribute = sAMAccountName
17	# Set the Active Directory user name
18	First Name Attribute = usernameame
19	# Set the Active Directory user surname
20	Last Name Attribute = user_surname
21	# Set the Active Directory user email
22	E-mail Attribute = userEmail
23		10
24		11
25	Below is example setup that can be used with Active Directory and ldap groups.	12	option: `enabled` => `True`
		13	# Enable or disable this authentication plugin.
		14
		15	option: `cache_ttl` => `360`
		16	# Amount of seconds to cache the authentication and permissions check response call for this plugin.
		17	# Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
		18
		19	option: `host` => `192.168.245.143,192.168.1.240`
		20	# Host[s] of the LDAP Server
		21	# (e.g., 192.168.2.154, or ldap-server.domain.com.
		22	# Multiple servers can be specified using commas
		23
		24	option: `port` => `389`
		25	# Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL)
		26
		27	option: `timeout` => `300`
		28	# Timeout for LDAP connection
		29
		30	option: `dn_user` => `Administrator@rhodecode.com`
		31	# Optional user DN/account to connect to LDAP if authentication is required.
		32	# e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com
		33
		34	option: `dn_pass` => `SomeSecret`
		35	# Password to authenticate for given user DN.
		36
		37	option: `tls_kind` => `PLAIN`
		38	# TLS Type
		39
		40	option: `tls_reqcert` => `NEVER`
		41	# Require Cert over TLS?. Self-signed and custom certificates can be used when
		42	# `RhodeCode Certificate` found in admin > settings > system info page is extended.
26		43
27	.. image:: ../images/ldap-groups-example.png	44	option: `tls_cert_file` => ``
28	:alt: LDAP/AD setup example	45	# This specifies the PEM-format file path containing certificates for use in TLS connection.
29	:scale: 50 % No newline at end of file	46	# If not specified `TLS Cert dir` will be used
		47
		48	option: `tls_cert_dir` => `/etc/openldap/cacerts`
		49	# This specifies the path of a directory that contains individual CA certificates in separate files.
		50
		51	option: `base_dn` => `OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local`
		52	# Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials
		53	# (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)
		54
		55	option: `filter` => `(objectClass=person)`
		56	# Filter to narrow results
		57	# (e.g., (&(objectCategory=Person)(objectClass=user)), or
		58	# (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))
		59
		60	option: `search_scope` => `SUBTREE`
		61	# How deep to search LDAP. If unsure set to SUBTREE
		62
		63	option: `attr_login` => `sAMAccountName`
		64	# LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)
		65
		66	option: `attr_email` => `userEmail`
		67	# LDAP Attribute to map to email address (e.g., mail).
		68	# Emails are a crucial part of RhodeCode.
		69	# If possible add a valid email attribute to ldap users.
		70
		71	option: `attr_firstname` => `user_firstname`
		72	# LDAP Attribute to map to first name (e.g., givenName)
		73
		74	option: `attr_lastname` => `user_surname`
		75	# LDAP Attribute to map to last name (e.g., sn)

docs/auth/ldap-authentication.rst

0 +2 -8

             * The LDAP username or account used to connect to |RCE|. This will be added
               to the LDAP filter for locating the user object.
             * For example, if an LDAP filter is specified as `LDAPFILTER`,
-              the login attribute is specified as `uid`, and the user connects as
+              the login/username attribute is specified as `uid`, and the user connects as
               `jsmith`, then the LDAP Filter will be like the following example.
             .. code-block:: vim
             Optional settings
             ^^^^^^^^^^^^^^^^^
-            The following are optional when enabling LDAP on |RCM|
+            The following are optional when enabling LDAP on |RCE|
             * An LDAP account is only required if the LDAP server does not allow
               anonymous browsing of records.
                following directory: `/etc/openldap/cacerts`
-            Below is example setup that can be used with Active Directory and ldap groups.
-            .. image:: ../images/ldap-groups-example.png
-               :alt: LDAP/AD setup example
-               :scale: 50 %
             .. _RFC 2254: http://www.rfc-base.org/rfc-2254.html

docs/code-review/code-review.rst

0 +1 -1

             Code Review
             ===========
-            |RCM| provides two ways in which you can review code. You can review |prs| or
+            |RCE| provides two ways in which you can review code. You can review |prs| or
             commits. To better understand |prs|, see the :ref:`pull-requests-ref`
             and :ref:`collaborate-ref` sections. For more information about why
             code review matters, see these posts on the topic:

docs/code-review/review-diffs.rst

0 +1 -1

             Reviewing Changes
             -----------------
-            |RCM| displays all code changes made with each commit. Removed content is
+            |RCE| displays all code changes made with each commit. Removed content is
             marked in red and new content in green.
             .. image:: ../images/plain-diff.png

docs/collaboration/approve-pull-request.rst

0 +1 -1

 . Set the review status to :guilabel:`Approved`
 . Select :guilabel:`Comment`
-            If you approve the |pr|, you will be able to merge automatically if |RCM|
+            If you approve the |pr|, you will be able to merge automatically if |RCE|
             detects that it can do so safely. You will see this message:
             :guilabel:`This pull request can be automatically merged.`

docs/collaboration/collaboration.rst

0 +1 -1

                Forking and branching does not work with |svn| |repos|.
-            Collaboration in |RCM| is accomplished through a combination of the following
+            Collaboration in |RCE| is accomplished through a combination of the following
             functions:
             .. only:: latex

docs/collaboration/forks-branches.rst

0 +1 -1

                 $ git commit -a -m "ghost script: initial file"
                 $ git push
-            Once it is pushed to the |RCM| server, you can switch to the newly created
+            Once it is pushed to the |RCE| server, you can switch to the newly created
             branch using the following steps:
 . Select :menuselection:`Admin --> Repositories`.

docs/collaboration/mention-reviewer-function.rst

0 +1 -1

             -------------------
             To notify users of items that require their attention you can use the mention
-            function. The mention function allows you to use ``@username`` within |RCM|.
+            function. The mention function allows you to use ``@username`` within |RCE|.
             The notification function can be used within the following
             items to highlight their need for attention:

docs/collaboration/merge-pull-request.rst

0 +2 -2

             Merge a |pr|
             ------------
-            |RCM| can detect if it can automatically merge the changes in a |pr|. If it
+            |RCE| can detect if it can automatically merge the changes in a |pr|. If it
             can, you will see the following message:
             :guilabel:`This pull request can be automatically merged.` To merge,
             click the big blue button! To enable this feature, see :ref:`server-side-merge`.
             Manual Merge a |PR|
             ^^^^^^^^^^^^^^^^^^^
-            If |RCM| cannot safely merge the changes in a |pr|,
+            If |RCE| cannot safely merge the changes in a |pr|,
             usually due to conflicts, you need to manually merge the changes on the
             command line. You can see more information for each |repo| type at the
             following links:

docs/collaboration/notifications-overview.rst

0 +1 -1

             Notifications Overview
             ----------------------
-            |RCM| has an integrated notification system which alerts users to requests
+            |RCE| has an integrated notification system which alerts users to requests
             that they have received. Notifications can occur for the following reasons:
             * Pull request reviews

docs/collaboration/pull-req-mgmt.rst

0 +2 -2

             .. only:: html
-                There are two ways of tracking |prs| within |RCM|.
+                There are two ways of tracking |prs| within |RCE|.
 . :ref:`prs-your-review`
 . :ref:`prs-per-repo`
             To view pull requests for your review, use the following steps:
-. From the |RCM| interface, Select
+. From the |RCE| interface, Select
                :menuselection:`username --> Notifications`
 . Select :guilabel:`Pull Requests`

docs/collaboration/review-pull-request.rst

0 +1 -1

 . Select Comment
             When the |pr| is approved by all reviewers you will be able to merge
-            automatically if |RCM| detects that it can do so safely. You will see this
+            automatically if |RCE| detects that it can do so safely. You will see this
             message: `This pull request can be automatically merged.`
             If rejected, you can fix the issues raised during review and then update the

docs/collaboration/supported-workflows.rst

0 +1 -1

             Supported Workflows
             -------------------
-            |RCM| can be used to develop using a variety of different workflows.
+            |RCE| can be used to develop using a variety of different workflows.
             * Centralized, using |svn|, |git|, or |hg| |repos|
             * Feature-Branch, using |git| or |hg| |repos|

docs/common.py

0 0 -4

             .. |psf| replace:: Python Software Foundation
             .. |repo| replace:: repository
             .. |repos| replace:: repositories
-            .. |RCI| replace:: RhodeCode Control
             .. |RCC| replace:: RhodeCode Control
-            .. |RCV| replace:: RhodeCode Enterprise
-            .. |RCM| replace:: RhodeCode Enterprise
             .. |RCE| replace:: RhodeCode Enterprise
             .. |RCCE| replace:: RhodeCode Community
             .. |RCEE| replace:: RhodeCode Enterprise
             .. |RCT| replace:: RhodeCode Tools
             .. |RCEBOLD| replace:: **RhodeCode Enterprise**
             .. |RCEITALICS| replace:: `RhodeCode Enterprise`
-            .. |RC| replace:: RhodeCode
             .. |RNS| replace:: Release Notes
             '''

docs/extensions/extensions-hooks.rst

0 +1 -1

             Hooks
             -----
-            Within |RCM| there are two types of supported hooks.
+            Within |RCE| there are two types of supported hooks.
             * **Internal built-in hooks**: The internal |hg|, |git| or |svn| hooks are
               triggered by different VCS operations, like push, pull,

docs/index.rst

0 +4 -4

-            |RCM|
+            |RCE|
             =====
-            |RCM| is a high-performance source code management and collaboration system.
+            |RCE| is a high-performance source code management and collaboration system.
             It enables you to develop projects securely behind the firewall while
             providing collaboration tools that work with |git|, |hg|,
             and |svn| |repos|. The user interface allows you to create, edit,
             and commit files and |repos| while managing their security permissions.
-            |RCM| provides the following features:
+            |RCE| provides the following features:
             * Source code management.
             * Extended permissions management.
             * Web-based hook management.
             * Native |svn| support.
             * Migration from existing databases.
-            * |RCM| SDK.
+            * |RCE| SDK.
             * Built-in analytics
             * Built in integrations including: Slack, Webhooks (used for Jenkins/TeamCity and other CIs), Jira, Redmine, Hipchat
             * Pluggable authentication system.

docs/install/install-database.rst

0 +18 -20

@@ -5,8 +5,24 b' Supported Databases'
5		5
6	.. important::	6	.. important::
7		7
8	We do not recommend using SQLite in a production environment~~. It is~~	8	We do not recommend using SQLite in a production environment of more than 5 people.
9	supported by \|RCE\| for evaluation purposes.	9	It is not suited for higher usage and mayb cause problems.
		10
		11
		12	\|RCE\| supports the following databases. The recommended encoding is UTF-8.
		13
		14	.. only:: latex
		15
		16	* :ref:`install-sqlite-database`
		17	* :ref:`install-mysql-database`
		18	* :ref:`install-postgresql-database`
		19
		20	.. toctree::
		21
		22	using-mysql
		23	using-postgresql
		24	using-sqllite
		25
10		26
11	Database Overview	27	Database Overview
12	-----------------	28	-----------------
@@ -48,21 +64,3 b' following example to configure the corre'
48	# for the RCE instance you are installing	64	# for the RCE instance you are installing
49	Database name: example-db-name-for-2xx # The 2xx version database	65	Database name: example-db-name-for-2xx # The 2xx version database
50	Database name: example-db-name-for-3xx # The 3xx version database	66	Database name: example-db-name-for-3xx # The 3xx version database
51
52	Supported Databases
53	-------------------
54
55	\|RCM\| supports the following databases. The recommended encoding is Unicode
56	UTF-8.
57
58	.. only:: latex
59
60	* :ref:`install-sqlite-database`
61	* :ref:`install-mysql-database`
62	* :ref:`install-postgresql-database`
63
64	.. toctree::
65
66	using-mysql
67	using-postgresql
68	using-sqllite

docs/install/install-steps.rst

0 +1 -1

             =======================
             The following tasks are the most common post installation requirements. Use
-            the information in these sections to configure your instance of |RCM|.
+            the information in these sections to configure your instance of |RCE|.
             .. toctree::

docs/install/migrate-repos.rst

0 +6 -6

             Migrating |repos|
             -----------------
-            If you have installed |RCM| and have |repos| that you wish to migrate into
+            If you have installed |RCE| and have |repos| that you wish to migrate into
             the system, use the following instructions.
-. On the |RCM| interface, check your |repo| storage location under
+. On the |RCE| interface, check your |repo| storage location under
                :menuselection:`Admin --> Settings --> System Info`. For example,
                Storage location: /home/{username}/repos.
-. Copy the |repos| that you want |RCM| to manage to this location.
+. Copy the |repos| that you want |RCE| to manage to this location.
 . Remap and rescan the |repos|, see :ref:`remap-rescan`
             .. important::
-               Directories create |repo| groups inside |RCM|.
+               Directories create |repo| groups inside |RCE|.
-               Importing adds |RCM| git hooks to your |repos|.
+               Importing adds |RCE| git hooks to your |repos|.
                You should verify if custom ``.hg`` or ``.hgrc`` files inside
-               repositories should be adjusted since |RCM| reads the content of them.
+               repositories should be adjusted since |RCE| reads the content of them.

docs/install/quick-start.rst

0 +4 -1

             .. code-block:: bash
-                $ chmod 755 RhodeCode-installer-linux-*
+                $ chmod +x RhodeCode-installer-linux-*
                 $ ./RhodeCode-installer-linux-*
+                Do you accept the RhodeCode Control license?
+                Press [Y] to accept license and [V] to view license text: y
 . Install a VCS Server, and configure it to start at boot.
             .. code-block:: bash

docs/install/setup-email.rst

0 +2 -2

             Set up Email
             ------------
-            To setup email with your |RCM| instance, open the default
+            To setup email with your |RCE| instance, open the default
             :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
             file and uncomment and configure the email section. If it is not there,
             use the below example to insert it.
-            Once configured you can check the settings for your |RCM| instance on the
+            Once configured you can check the settings for your |RCE| instance on the
             :menuselection:`Admin --> Settings --> Email` page.
             .. code-block:: ini

docs/install/using-mysql.rst

0 +3 -3

             ----------------
             To use a MySQL or MariaDB database you should install and configure the
-            database before installing |RCM|. This is because during |RCM| installation
+            database before installing |RCE|. This is because during |RCE| installation
             you will setup a connection to your MySQL or MariaDB database. To work with
             either, use the following steps:
 . Depending on your |os|, install a MySQL or MariaDB database following the
                appropriate instructions from the `MySQL website`_ or `MariaDB website`_.
 . Configure the database with a username and password which you will use
-               with |RCM|.
+               with |RCE|.
-. Install |RCM|, and during installation select MySQL as your database.
+. Install |RCE|, and during installation select MySQL as your database.
 . Enter the following information during the database setup:
                * Your network IP Address

docs/install/using-postgresql.rst

0 +3 -3

             ----------
             To use a PostgreSQL database, you should install and configure the database
-            before installing |RCV|. This is because during |RCV| installation you will
+            before installing |RCE|. This is because during |RCE| installation you will
             setup the connection to your PostgreSQL database. To work with PostgreSQL,
             use the following steps:
 . Depending on your |os|, install a PostgreSQL database following the
                appropriate instructions from the `PostgreSQL website`_.
 . Configure the database with a username and password, which you will use
-               with |RCV|.
+               with |RCE|.
-. Install |RCV|, and during installation select PostgreSQL as your database.
+. Install |RCE|, and during installation select PostgreSQL as your database.
 . Enter the following information during the database setup:
                * Your network IP Address

docs/install/using-sqllite.rst

0 +3 -3

                 as it has an internal locking mechanism which can become a performance
                 bottleneck when there are more than 5 concurrent users.
-            |RCM| installs SQLite as the default database if you do not specify another
+            |RCE| installs SQLite as the default database if you do not specify another
             during installation. SQLite is suitable for small teams,
             projects with a low load, and evaluation purposes since it is built into
-            |RCM| and does not require any additional database server.
+            |RCE| and does not require any additional database server.
             Using MySQL or PostgreSQL in an large setup gives you much greater
             performance, and while migration tools exist to move from one database type
             to another, it is better to get it right first time and to immediately use
-            MySQL or PostgreSQL when you deploy |RCM| in a production environment.
+            MySQL or PostgreSQL when you deploy |RCE| in a production environment.
             Migrating From SQLite to PostgreSQL
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

docs/integrations/integrations.rst

0 +13 -13

@@ -11,20 +11,20 b' different Slack channels, for example.'
11	Supported integrations	11	Supported integrations
12	^^^^^^^^^^^^^^^^^^^^^^	12	^^^^^^^^^^^^^^^^^^^^^^
13		13
14	================================ ============ ========================================	14	================================ ================== ========================================
15	Type/Name ~~\|RC\|~~ Edition Description	15	Type/Name RhodeCode Edition Description
16	================================ ============ ========================================	16	================================ ================== ========================================
17	:ref:`integrations-webhook` \|RCCEshort\| Trigger events as `json` to a custom url	17	:ref:`integrations-webhook` \|RCCEshort\| Trigger events as `json` to a custom url
18	:ref:`integrations-slack` \|RCCEshort\| Integrate with https://slack.com/	18	:ref:`integrations-slack` \|RCCEshort\| Integrate with https://slack.com/
19	:ref:`integrations-hipchat` \|RCCEshort\| Integrate with https://www.hipchat.com/	19	:ref:`integrations-hipchat` \|RCCEshort\| Integrate with https://www.hipchat.com/
20	:ref:`integrations-email` \|RCCEshort\| Send repo push commits by email	20	:ref:`integrations-email` \|RCCEshort\| Send repo push commits by email
21	:ref:`integrations-ci` \|RCCEshort\| Trigger Builds for Common CI Systems	21	:ref:`integrations-ci` \|RCCEshort\| Trigger Builds for Common CI Systems
22	:ref:`integrations-rcextensions` \|RCCEshort\| Advanced low-level integration framework	22	:ref:`integrations-rcextensions` \|RCCEshort\| Advanced low-level integration framework
23		23
24	:ref:`integrations-jenkins` \|RCEEshort\| Trigger Builds for Jenkins CI System	24	:ref:`integrations-jenkins` \|RCEEshort\| Trigger Builds for Jenkins CI System
25	:ref:`integrations-redmine` \|RCEEshort\| Close/Resolve/Reference Redmine issues	25	:ref:`integrations-redmine` \|RCEEshort\| Close/Resolve/Reference Redmine issues
26	:ref:`integrations-jira` \|RCEEshort\| Close/Resolve/Reference JIRA issues	26	:ref:`integrations-jira` \|RCEEshort\| Close/Resolve/Reference JIRA issues
27	================================ ============ ========================================	27	================================ ================== ========================================
28		28
29	.. _creating-integrations:	29	.. _creating-integrations:
30		30

docs/issue-trackers/issue-trackers.rst

0 +1 -1

             * At the |repo| level, you can configure an integration with a different issue
               tracker.
-            To integrate |RCM| with an issue tracker, you need to define a regular
+            To integrate |RCE| with an issue tracker, you need to define a regular
             expression that will fetch the issue ID stored in commit messages, and replace
             it with a URL. This enables |RCE| to generate a link matching each issue to the
             target |repo|.

docs/known-issues/error-msg-guide.rst

0 +1 -1

             Error creating repository repo-name
             Cause
-            As of |RCM| 3.0, a VCS Server is required to run backend operations.
+            As of |RCE| 3.0, a VCS Server is required to run backend operations.
             Solution
             Install a VCS Server. See the `Install a VCS Server`_ section of |RCC|

docs/nix/nix.rst

0 +1 -1

             Nix Packaging
             =============
-            |RCM| is installed using |Nix Package Manager|. The Nix environment provides
+            |RCE| is installed using |Nix Package Manager|. The Nix environment provides
             the following features for maintenance and deployment:
             * Atomic upgrades and rollbacks

docs/release-notes/release-notes-3.0.0.rst

0 +1 -1

             |RCE| 3.0.0 |RNS|
             -----------------
-            As |RCM| 3.0 is a big release, the release notes have been split into the following sections:
+            As |RCE| 3.0 is a big release, the release notes have been split into the following sections:
             * :ref:`general-rn-ref`
             * :ref:`security-rn-ref`

docs/tools/install-tools.rst

0 +2 -2

             Installing |RCT|
             ^^^^^^^^^^^^^^^^
-            |RCT| enable you to automate many of the most common |RCM| functions through
+            |RCT| enable you to automate many of the most common |RCE| functions through
             the API. Installing them on a local machine lets you carry out maintenance on
             the server remotely. Once installed you can use them to index your |repos|
-            to setup full-text search, strip commits, or install |RC| Extensions for
+            to setup full-text search, strip commits, or install RhodeCode Extensions for
             additional functionality.
             For more detailed instructions about using |RCT| for indexing and full-text

docs/tools/rhodecode-tools.rst

0 +1 -1

             |RCT|
             =====
-            |RCT| enable you to automate many of the most common |RCM| functions through
+            |RCT| enable you to automate many of the most common |RCE| functions through
             the API.
             .. toctree::

docs/tools/tools-cli.rst

0 +5 -5

             ---------------
             Use |RCT| to setup automation, run the indexer, and install extensions for
-            your |RCM| instances. Options:
+            your |RCE| instances. Options:
             .. rst-class:: dl-horizontal
             rhodecode-api
             -------------
-            The |RC| API lets you connect to |RCE| and carry out management tasks from a
+            The RhodeCode API lets you connect to |RCE| and carry out management tasks from a
             remote machine, for more information about the API, see the :ref:`api`. To
             pass arguments on the command-line use the ``method:option`` syntax.
             rhodecode-cleanup-gists
             -----------------------
-            Use this to delete gists within |RCM|. Options:
+            Use this to delete gists within |RCE|. Options:
             .. rst-class:: dl-horizontal
             rhodecode-cleanup-repos
             -----------------------
-            Use this to manage |repos| and |repo| groups within |RCM|. Options:
+            Use this to manage |repos| and |repo| groups within |RCE|. Options:
             .. rst-class:: dl-horizontal
             rhodecode-gist
             --------------
-            Use this to create, list, show, or delete gists within |RCM|. Options:
+            Use this to create, list, show, or delete gists within |RCE|. Options:
             .. rst-class:: dl-horizontal

docs/tools/tools-overview.rst

0 +1 -1

             :ref:`install-tools`, and :ref:`config-rhoderc`.
             Once |RCT| is installed, and the :file:`/home/{user}/.rhoderc` file is
-            configured you can then use |RCT| on each |RCM| instance to carry out admin
+            configured you can then use |RCT| on each |RCE| instance to carry out admin
             tasks. Use the following example to configure that file,
             and once configured see the :ref:`tools-cli` for more details.

docs/tutorials/deploy-from-host.rst

0 +2 -2

                 # Check that the script is uploaded to your home directory
                 $ ls -1
-                RhodeCode-installer-linux-391_b1a804c4d69b_d6c087d520e3
+                RhodeCode-installer-linux-buildYYYYXXXX_ZZZZ
                 # Change the script permissions
-                $ chmod 755 RhodeCode-installer-linux*
+                $ chmod +x RhodeCode-installer-linux*
                 # Run the installer and accept the prompts
                 $ ./RhodeCode-installer-linux-*

docs/tutorials/git-lfs-ext.rst

0 +4 -4

             Git Large File Storage (or LFS) is a new, open-source extension to Git that
             aims to improve handling of large files. It does this by replacing large files
             in your repository—such as graphics and videos—with simple text pointers.
-            |RC| Server includes an embedded LFS object store server, allowing storage of
+            RhodeCode Server includes an embedded LFS object store server, allowing storage of
             large files without the need for an external object store.
             Git LFS is disabled by default, globally, and for each individual repository.
             .. note::
-                |RC| implements V2 API of Git LFS. Please make sure your git client is
+                RhodeCode implements V2 API of Git LFS. Please make sure your git client is
                 using the latest version (2.0.X recommended) to leverage full feature set
                 of the V2 API.
             Enabling Git LFS
             ++++++++++++++++
-            Git LFS is disabled by default within |RC| Server.
+            Git LFS is disabled by default within RhodeCode Server.
             To enable Git LFS Globally:
             The object itself will be uploaded to a separate location via the Git LFS Batch API.
-            The transfer is validated and authorized by |RC| server itself.
+            The transfer is validated and authorized by RhodeCode server itself.
             If give repository has Git LFS disabled, a proper message will be sent back to
             the client and upload of LFS objects will be forbidden.

docs/tutorials/hg-large-ext.rst

0 +1 -1

             Enabling HG Largefiles
             ++++++++++++++++++++++
-            Mercurial Largefiles extension is disabled by default within |RC| Server.
+            Mercurial Largefiles extension is disabled by default within RhodeCode Server.
             To enable Mercurial Largefiles Globally:

docs/tutorials/windows-to-linux.rst

0 +1 -1

             * For MySQL, do not use `localhost` in the database connection string of the
               :file:`rhodecode.ini` file.
             * InnoDB must be the database tables engine.
-            * Contact |RC| for a new licence Key/Token pair. If you don't, a trial licence
+            * Contact RhodeCode for a new licence Key/Token pair. If you don't, a trial licence
               will be applied so you are not locked out of the upgraded instance.
             You can find the specific instructions to carry out these pre-requisite steps

docs/usage/basic-vcs-commands.rst

0 +4 -4

             Getting Started with VCS
             ------------------------
-            When using |RCM|, you will be working with |git|, |svn| or |hg| |repos| from the
+            When using |RCE|, you will be working with |git|, |svn| or |hg| |repos| from the
             command line or using a GUI client such as Tortoise, Tower or SourceTree.
-            |RCM| uses a standard |git|, |svn| and |hg| protocols. So all tools that
+            |RCE| uses a standard |git|, |svn| and |hg| protocols. So all tools that
             can interact with there protocols are supported, including Eclipse or PyCharm
             plugins.
             If you have never used either before, the following information should
             help you set up your local machine so that you can sync changes with the
-            |RCM| server.
+            |RCE| server.
-            All of the following instructions assume you have a |RCM| account,
+            All of the following instructions assume you have a |RCE| account,
             and you can access your |repos| from the web interface.
             .. note::

docs/usage/file-editing.rst

0 +3 -3

             To edit files using the online editor, use the following steps.
-. From the |RCM| interface, select :menuselection:`Admin --> Repositories`
+. From the |RCE| interface, select :menuselection:`Admin --> Repositories`
 . Select the |repo| in which you want to edit a file.
 . Select the :guilabel:`file` view of the |repo|, and double-click on the file.
 . To open the editor, select the :guilabel:`edit on branch:default` button.
-               * If the filename has an extension |RCM| recognises,
+               * If the filename has an extension |RCE| recognises,
                  the syntax highlighting will appear automatically.
-               * If the filename does not have an extension |RCM| recognises,
+               * If the filename does not have an extension |RCE| recognises,
                  you can set the language syntax highlighter by
                  choosing from the file type drop down menu.
 . To save your changes, select :guilabel:`Commit changes`

docs/usage/gist-editing.rst

0 +2 -2

             ^^^^^^^^^^^^
             Gists are standalone files that only the creator can edit. To work with
-            gists, click on the :guilabel:`Gists` tab on the |RCM| header. The gist
+            gists, click on the :guilabel:`Gists` tab on the |RCE| header. The gist
             editor also has syntax highlighting.
             You can set the following properties for each gist:
               and will show up in searches.
             * :guilabel:`Gist Lifetime`: You can set a gist to expire after a set
               period by using the :guilabel:`Gist Lifetime` dropdown menu.
-              This means that when the gist expires it will be deleted from the |RCM|
+              This means that when the gist expires it will be deleted from the |RCE|
               gist database.
             * :guilabel:`Private`: This means that the gist will not show up in searches.
             * :guilabel:`Gist access level`: If you create a private gist you can have

docs/usage/online-editing.rst

0 +1 -1

             Online Editing
             --------------
-            |RCM| has an integrated online editor, allowing you to edit files in the
+            |RCE| has an integrated online editor, allowing you to edit files in the
             browser. The online editor has syntax highlighting and the ability to fork,
             merge, and commit changes to files.

rhodecode/authentication/plugins/auth_ldap.py

0 +1 -1

                     colander.Int(),
                     default=389,
                     description=_('Custom port that the LDAP server is listening on. '
-                                  'Default value is: 389'),
+                                  'Default value is: 389, use 689 for LDAPS(SSL)'),
                     preparer=strip_whitespace,
                     title=_('Port'),
                     validator=colander.Range(min=0, max=65536),

rhodecode/public/css/type.less

0 +1 -1

               color: @grey4;
               font-family: @text-light;
               &.pre-formatting {
-                  white-space: pre;
+                  white-space: pre-wrap;
               }
             }

rhodecode/templates/admin/auth/plugin_settings.mako

0 +13 -2

                             ${h.end_form()}
                           </div>
                         </div>
+            % if request.GET.get('schema'):
+            ## this is for development and creation of example configurations for documentation
+            <pre>
+                % for node in plugin.get_settings_schema():
+                *option*: `${node.name}` => `${defaults.get(node.name)}`${'\n    # '.join(['']+node.description.splitlines())}
+                % endfor
+            </pre>
+            % endif
                       </div>
                     </div>
                   </div>
                 </div>
               </div>
-            ## TODO: Ugly hack to get ldap select elements to work.
-            ##       Find a solution to integrate this nicely.
             <script>
             $(document).ready(function() {
               var select2Options = {

docs/images/ldap-example.png

0 removed binary 0 0

NO CONTENT: file was removed, binary diff hidden

docs/images/ldap-groups-example.png

0 removed binary 0 0

NO CONTENT: file was removed, binary diff hidden

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages