Merge pull request #25674 from github/repo-sync

Octomerger · web-flow · commit 317bdb3e26cd · 2023-05-23T10:35:50.000-04:00
repo sync
diff --git a/content/admin/github-actions/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md b/content/admin/github-actions/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md
@@ -12,7 +12,7 @@ topics:
 redirect_from:
   - /admin/github-actions/using-the-latest-version-of-the-official-bundled-actions
 shortTitle: Use the latest bundled actions
---- 
+---
 {% data reusables.actions.enterprise-github-hosted-runners %}
 
 Your enterprise instance includes a number of built-in actions that you can use in your workflows. For more information about the bundled actions, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise#official-actions-bundled-with-your-enterprise-instance)."
@@ -30,7 +30,7 @@ You can use {% data variables.product.prodname_github_connect %} to allow {% dat
 Once {% data variables.product.prodname_github_connect %} is configured, you can use the latest version of an action by deleting its local repository in the `actions` organization on your instance. For example, if your enterprise instance is using `v1` of the `actions/checkout` action, and you need to use `{% data reusables.actions.action-checkout %}` which isn't available on your enterprise instance, perform the following steps to be able to use the latest `checkout` action from {% data variables.product.prodname_dotcom_the_website %}:
 
 1. From an enterprise owner account on {% data variables.product.product_name %}, navigate to the repository you want to delete from the *actions* organization (in this example `checkout`).
-1. By default, site administrators are not owners of the bundled *actions* organization. To get the access required to delete the `checkout` repository, you must use the site admin tools. Click {% octicon "rocket" aria-hidden="true" %} in the upper-right corner of any page in that repository.
+1. By default, site administrators are not owners of the bundled *actions* organization. To get the access required to delete the `checkout` repository, you must use the site admin tools. Click {% octicon "rocket" aria-label="Site admin" %} in the upper-right corner of any page in that repository.
 1. Click {% octicon "shield-lock" aria-hidden="true" %} **Security** to see an overview of the security for the repository.
 
    ![Screenshot of the site admin details for a repository. The "Security" link is highlighted with an orange outline.](/assets/images/enterprise/site-admin-settings/access-repo-security-info.png)
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams.md b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams.md
@@ -65,7 +65,7 @@ You can map a team in your enterprise to an Okta group you previously pushed to
 
 Enterprise owners can use the site admin dashboard to check how Okta groups are mapped to teams on {% data variables.product.prodname_ghe_managed %}.
 
-1. To access the dashboard, in the upper-right corner of any page, click {% octicon "rocket" aria-hidden="true" %}.
+1. To access the dashboard, in the upper-right corner of any page, click {% octicon "rocket" aria-label="Site admin" %}.
 1. In the left pane, click **External groups**.
 1. To view more details about a group, in the list of external groups, click on a group.
 1. The group's details includes the name of the Okta group, a list of the Okta users that are members of the group, and the corresponding mapped team on {% data variables.product.prodname_ghe_managed %}.
diff --git a/content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/viewing-push-logs.md b/content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/viewing-push-logs.md
@@ -31,7 +31,7 @@ Push log entries show:
 
 1. Sign into {% data variables.product.prodname_ghe_server %} as a site administrator.
 1. Navigate to a repository.
-1. In the upper-right corner of the repository's page, click {% octicon "rocket" aria-hidden="true" %}.
+1. In the upper-right corner of the repository's page, click {% octicon "rocket" aria-label="Site admin" %}.
 {% data reusables.enterprise_site_admin_settings.security-tab %}
 1. In the left sidebar, click **Push Log**.
 
diff --git a/content/organizations/organizing-members-into-teams/adding-organization-members-to-a-team.md b/content/organizations/organizing-members-into-teams/adding-organization-members-to-a-team.md
@@ -24,6 +24,12 @@ shortTitle: Add members to a team
 
 {% data reusables.organizations.team-synchronization %}
 
+{% ifversion ghes %}
+
+## Adding organization members to a team
+
+{% endif %}
+
 {% data reusables.profile.access_org %}
 {% data reusables.user-settings.access_org %}
 {% data reusables.organizations.specific_team %}
@@ -34,7 +40,16 @@ shortTitle: Add members to a team
 
 {% ifversion fpt or ghec %}{% data reusables.organizations.cancel_org_invite %}{% endif %}
 
+{% ifversion ghes %}
+
+## Mapping teams to LDAP groups (for instances using LDAP Sync for user authentication)
+
+A team that's [synced to an LDAP group](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync) is indicated with a special LDAP badge. The member list for an LDAP synced team can only be managed from the LDAP group it's mapped to.
+
+To add a new member to a team synced to an LDAP group, add the user as a member of the LDAP group, or contact your LDAP administrator.
+
+{% endif %}
+
 ## Further reading
 
-- "[AUTOTITLE](/organizations/organizing-members-into-teams/about-teams)"
 - "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)"
diff --git a/content/organizations/organizing-members-into-teams/creating-a-team.md b/content/organizations/organizing-members-into-teams/creating-a-team.md
@@ -22,6 +22,12 @@ Only organization owners and maintainers of a parent team can create a new child
 
 {% data reusables.organizations.team-synchronization %}
 
+{% ifversion ghes %}
+
+## Creating a team
+
+{% endif %}
+
 {% data reusables.profile.access_org %}
 {% data reusables.user-settings.access_org %}
 {% data reusables.organizations.new_team %}
@@ -38,8 +44,34 @@ Only organization owners and maintainers of a parent team can create a new child
 {% data reusables.organizations.create_team %}
 1. Optionally, [give the team access to organization repositories](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository).
 
-## Further reading
+{% ifversion ghes %}
+
+## Creating teams with LDAP Sync enabled
+
+Instances using LDAP for user authentication can use LDAP Sync to manage a team's members. Setting the group's **Distinguished Name** (DN) in the **LDAP group** field will map a team to an LDAP group on your LDAP server. If you use LDAP Sync to manage a team's members, you won't be able to manage your team within {% data variables.location.product_location %}. The mapped team will sync its members in the background and periodically at the interval configured when LDAP Sync is enabled. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync)."
+
+You must be a site admin and an organization owner to create a team with LDAP sync enabled.
+
+{% data reusables.enterprise_user_management.ldap-sync-nested-teams %}
+
+{% warning %}
+
+**Notes:**
+- LDAP Sync only manages the team's member list. You must manage the team's repositories and permissions from within {% data variables.product.prodname_ghe_server %}.
+- If an LDAP group mapping to a DN is removed, such as if the LDAP group is deleted, then every member is removed from the synced {% data variables.product.prodname_ghe_server %} team. To fix this, map the team to a new DN, add the team members back, and [manually sync the mapping](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#manually-syncing-ldap-accounts).
+- When LDAP Sync is enabled, if a person is removed from a repository, they will lose access but their forks will not be deleted. If the person is added to a team with access to the original organization repository within three months, their access to the forks will be automatically restored on the next sync.
+
+{% endwarning %}
 
-- "[AUTOTITLE](/organizations/organizing-members-into-teams/about-teams)"
-- "[AUTOTITLE](/organizations/organizing-members-into-teams/changing-team-visibility)"
-- "[AUTOTITLE](/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy)"
+1. Ensure that [LDAP Sync is enabled](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync).
+{% data reusables.profile.access_org %}
+{% data reusables.user-settings.access_org %}
+{% data reusables.organizations.new_team %}
+{% data reusables.organizations.team_name %}
+6. Under "LDAP group", search for an LDAP group's DN to map the team to. If you don't know the DN, type the LDAP group's name. {% data variables.product.prodname_ghe_server %} will search for and autocomplete any matches.
+{% data reusables.organizations.team_description %}
+{% data reusables.organizations.team_visibility %}
+{% data reusables.organizations.create-team-choose-parent %}
+{% data reusables.organizations.create_team %}
+
+{% endif %}
