Feature #759
Setup LDAP Authentication for GitLab
Description
This is a guide on how to set up LDAP authentication for users on GitLab. The LDAP server is OpenLDAP on FreeBSD 9, but the steps should work with any LDAP server.
Populate the LDAP Server
- Create the People Organizational Unit ldif file:
vi ~/people-ou.ldif
- And add the following:
dn: ou=People,dc=example,dc=com
objectclass: organizationalUnit
ou: People
- Import the People OU file into the server:
ldapadd -D "cn=Manager,dc=example,dc=com" -W -f ~/people-ou.ldif
- Create the bob user ldif file:
vi ~/bob.ldif
- And add the following:
dn: cn=Bob Guy,ou=People,dc=example,dc=com
cn: Bob Guy
givenname: Bob
initials: BG
mail: bob@example.com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
sn: Guy
uid: bob
userpassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==
- NOTE: The password for bob is password.
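The userpassword value in bob.ldif is a base64-encoded, unsalted MD5 digest, so every entry with the same password stores the same value. The following Python is an added example, not part of the original guide: it decodes that value, confirms it matches the password in the note, and builds a salted {SSHA} value of the kind slappasswd produces by default. The function names are made up for this illustration.

```python
import base64
import hashlib
import hmac
import os

# The userpassword value from bob.ldif on this page.
PAGE_VALUE = "{MD5}X03MO1qnZdYdgyfeuILPmQ=="


def split_scheme(value):
    """Split '{SCHEME}base64' into (scheme, decoded bytes)."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("missing {SCHEME} prefix")
    scheme, b64 = value[1:].split("}", 1)
    return scheme.upper(), base64.b64decode(b64, validate=True)


def make_ssha(password, salt=None):
    """Build a salted value: '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_password(value, candidate):
    """Return True if candidate matches a {MD5} or {SSHA} userPassword value."""
    scheme, raw = split_scheme(value)
    if scheme == "MD5":
        expected = hashlib.md5(candidate.encode()).digest()
        return hmac.compare_digest(raw, expected)
    if scheme == "SSHA":
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
        expected = hashlib.sha1(candidate.encode() + salt).digest()
        return hmac.compare_digest(digest, expected)
    raise ValueError("unsupported scheme: " + scheme)


def is_salted(value):
    """{MD5} and {SHA} carry no salt; {SMD5} and {SSHA} do."""
    return split_scheme(value)[0] in ("SMD5", "SSHA")


if __name__ == "__main__":
    print(check_password(PAGE_VALUE, "password"), is_salted(PAGE_VALUE))
    print(make_ssha("password"))  # differs on every run because of the salt
```

The printed {SSHA} string can replace the {MD5} value on the userpassword line of the LDIF file.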
Setup LDAP Authentication
- Edit the gitlab config file:
vi /home/git/gitlab/config/gitlab.yml
- And modify the LDAP settings accordingly:
ldap:
  enabled: true
  servers:
    main: # 'main' is the GitLab 'provider ID' of this LDAP server
      label: 'LDAP Server'
      host: 'ldap.example.com'
      port: 389
      uid: 'uid'
      method: 'plain' # "tls" or "ssl" or "plain"; 'plain' sends binds unencrypted
      bind_dn: 'cn=Manager,dc=example,dc=com'
      password: 'SuperSecretPassword'
      timeout: 10
      active_directory: false
      allow_username_or_email_login: true
      block_auto_created_users: false
      base: 'ou=People,dc=example,dc=com'
      user_filter: ''
      attributes:
        username: ['uid', 'userid', 'sAMAccountName']
        email: ['mail', 'email', 'userPrincipalName']
        name: 'cn'
        first_name: 'givenName'
        last_name: 'sn'
- Restart gitlab for the settings to take effect:
service gitlab restart
- Switch to the git user and check the LDAP connection:
su - git
cd ~/gitlab
bundle exec rake gitlab:ldap:check RAILS_ENV=production
Updated by Daniel Curtis over 8 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100