Feature #759

Setup LDAP Authentication for GitLab

Added by Daniel Curtis about 8 years ago. Updated about 8 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Authentication
Target version:
Start date: 02/28/2016
Due date:
% Done: 100%
Estimated time: 0.50 h
Spent time:

Description

This is a guide on how to set up LDAP authentication for users on GitLab. The LDAP server is OpenLDAP on FreeBSD 9, but the steps should work with any LDAP server.

Populate the LDAP Server

  • Create the People Organizational Unit ldif file:
    vi ~/people-ou.ldif
    
    • And add the following:
      dn: ou=People,dc=example,dc=com
      objectclass: organizationalUnit
      ou: People
      
  • Import the People OU file into the server:
    ldapadd -D "cn=Manager,dc=example,dc=com" -W -f ~/people-ou.ldif
    
  • Create the bob user ldif file:
    vi ~/bob.ldif
    
    • And add the following:
      dn: cn=Bob Guy,ou=People,dc=example,dc=com
      cn: Bob Guy
      givenname: Bob
      initials: BG
      mail: bob@example.com
      objectclass: inetOrgPerson
      objectclass: organizationalPerson
      objectclass: person
      sn: Guy
      uid: bob
      userpassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==
      
    • NOTE: The password for bob is password.
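
The userpassword value in bob.ldif is an unsalted MD5 digest, so the same password always produces the same stored value. The following Python is an added example, not part of the original guide: it reads userPassword lines from LDIF text, flags cleartext and unsalted schemes, and builds the salted {SSHA} form. The function names are hypothetical, the sample entry is constructed from bob.ldif, and folded LDIF lines are not handled.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample: dn and userpassword lines taken from bob.ldif above.
BOB_LDIF = """dn: cn=Bob Guy,ou=People,dc=example,dc=com
userpassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==
"""
# scheme -> (hash constructor, digest length in bytes, salted?)
SCHEMES = {"MD5": (hashlib.md5, 16, False), "SHA": (hashlib.sha1, 20, False),
           "SMD5": (hashlib.md5, 16, True), "SSHA": (hashlib.sha1, 20, True)}

def password_entries(ldif):
    """Yield (dn, scheme, data) per userPassword line (folded lines not handled)."""
    dn = None
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if name.lower() == "dn":
            dn = value.strip()
        elif name.lower() == "userpassword":
            if value.startswith(":"):  # "attr:: ..." carries a base64 value
                value = base64.b64decode(value[1:]).decode()
            scheme, brace, data = value.strip().partition("}")
            if scheme.startswith("{") and brace:
                yield dn, scheme[1:].upper(), data
            else:
                yield dn, "CLEARTEXT", value.strip()

def is_weak(scheme):
    """Cleartext and unsalted digests are weak; other schemes are not judged."""
    return scheme == "CLEARTEXT" or (scheme in SCHEMES and not SCHEMES[scheme][2])

def verify(scheme, data, candidate):
    """Check a candidate password against a stored value of a known scheme."""
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(data.encode(), candidate.encode())
    algo, size, _ = SCHEMES[scheme]
    blob = base64.b64decode(data)
    digest, salt = blob[:size], blob[size:]  # salt is empty for MD5 and SHA
    return hmac.compare_digest(algo(candidate.encode() + salt).digest(), digest)

def make_ssha(password, salt=None):
    """Build {SSHA} + base64(SHA1(password + salt) + salt), the salted form."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()
```

On the LDAP server itself, slappasswd produces {SSHA} values by default, and its output can be pasted into the userpassword line of the ldif file.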

Setup LDAP Authentication

  • Edit the gitlab config file:
    vi /home/git/gitlab/config/gitlab.yml
    
    • And modify the LDAP settings accordingly:
        ldap:
          enabled: true
          servers:
            main: # 'main' is the GitLab 'provider ID' of this LDAP server
              label: 'LDAP Server'
      
              host: 'ldap.example.com'
              port: 389
              uid: 'uid'
              method: 'plain' # "tls" or "ssl" or "plain"; 'plain' sends bind credentials unencrypted
              bind_dn: 'cn=Manager,dc=example,dc=com'
              password: 'SuperSecretPassword'
      
              timeout: 10
      
              active_directory: false
      
              allow_username_or_email_login: true
      
              block_auto_created_users: false
      
              base: 'ou=People,dc=example,dc=com'
      
              user_filter: ''
      
              attributes:
                username: ['uid', 'userid', 'sAMAccountName']
                email:    ['mail', 'email', 'userPrincipalName']
                name:       'cn'
                first_name: 'givenName'
                last_name:  'sn'
      
  • Restart gitlab for the settings to take effect:
    service gitlab restart
    
  • Switch to the git user and check the LDAP connection:
    su - git
    cd ~/gitlab
    bundle exec rake gitlab:ldap:check RAILS_ENV=production
    
#1

Updated by Daniel Curtis about 8 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
#2

Updated by Daniel Curtis about 8 years ago

  • Category set to Authentication
#3

Updated by Daniel Curtis about 8 years ago

  • Status changed from Resolved to Closed
