-
Notifications
You must be signed in to change notification settings - Fork 5
LDAP Authentication GitLab
elurex edited this page Mar 25, 2019
·
1 revision
nano /etc/gitlab/gitlab.rb
gitlab_rails['ldap_enabled'] = true
###! **remember to close this block with 'EOS' below**
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'LDAP'
host: '<ldap server ip>'
port: 389
uid: 'cn'
bind_dn: 'cn=admin,dc=example,dc=com'
password: '<your ldap password>'
encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
verify_certificates: false
smartcard_auth: false
active_directory: false
allow_username_or_email_login: true
lowercase_usernames: true
block_auto_created_users: false
base: 'ou=Users,dc=example,dc=com'
user_filter: '(&(objectClass=inetOrgPerson)(employeeType=developer))'
attributes:
username: ['uid', 'cn']
email: ['mail']
name: 'gecos'
first_name: 'givenName'
last_name: 'sn'
lowercase_usernames: true
group_base: 'ou=Groups,dc=example,dc=com'
admin_group: 'sudoers'
sync_ssh_keys: false
# admin_group can be your any other desire grouple and it can be only one.
#
# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
# label: 'LDAP'
# host: '_your_ldap_server'
# port: 389
# uid: 'sAMAccountName'
# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
# password: '_the_password_of_the_bind_user'
# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
# verify_certificates: true
# smartcard_auth: false
# active_directory: true
# allow_username_or_email_login: false
# lowercase_usernames: false
# block_auto_created_users: false
# base: ''
# user_filter: ''
# ## EE only
# group_base: ''
# admin_group: ''
# sync_ssh_keys: false
EOSKeep in mind, only employeeType=developer can have access to gitlab, this is the filter I have set, you can adjust accordingly
gitlab-ctl reconfigure;gitlab-ctl restart;
You can login with ldap user account that is in the sudoers group and it will automatically grant with admin status