LDAP:
GitLab integrates with LDAP to support user authentication. This integration works with most LDAP-compliant directory servers, including Microsoft Active Directory, Apple Open Directory, OpenLDAP, and 389 Server. GitLab EE includes enhanced integration, including group membership syncing.
Security:
GitLab assumes that LDAP users are not able to change their LDAP 'mail', 'email' or 'userPrincipalName' attribute. An LDAP user who is allowed to change their email on the LDAP server can potentially take over any account on your GitLab server.
We recommend against using LDAP integration if your LDAP users are allowed to change their 'mail', 'email' or 'userPrincipalName' attribute on the LDAP server.
Configuration:
Before you begin, add a hosts entry for the AD hostname on the GitLab server so that the two can communicate without any trouble.
Create one user in AD for LDAP authentication. GitLab binds to the directory as this user (the bind_dn and password in the configuration below).
All of the configuration goes in the file /etc/gitlab/gitlab.rb.
Open /etc/gitlab/gitlab.rb with your favorite editor, then add the settings below.
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: 'testserver.com'
    port: 389
    uid: 'sAMAccountName'
    method: 'plain' # "tls" or "ssl" or "plain"; 'plain' sends the bind password unencrypted
    bind_dn: 'CN=git,DC=testserver,DC=com' # the AD user created for LDAP authentication
    password: '**************'
    active_directory: true
    allow_username_or_email_login: false
    block_auto_created_users: false
    base: 'DC=testserver,DC=Com'
    user_filter: ''
    attributes:
      username: ['uid', 'userid', 'sAMAccountName']
      email: ['mail', 'email', 'userPrincipalName'] # users must not be able to change these
      name: 'cn'
      first_name: 'givenName'
      last_name: 'sn'
    ## EE only
    group_base: 'OU=GitG,DC=testserver,DC=com' # optional
    admin_group: 'administrators' # optional
    sync_ssh_keys: false
EOS
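An added example (not part of the original post and not GitLab's own tooling): a small Ruby check that parses an ldap_servers YAML block like the one above and reports the settings that bear on the account-takeover warning in the Security section. The helper name audit_ldap_servers and the sample values are assumptions made for illustration.

```ruby
require 'yaml'

# Constructed sample: the same keys as the gitlab.rb block above, placeholder password.
SAMPLE_LDAP_SERVERS = <<~'EOS'
  main:
    label: 'LDAP'
    host: 'testserver.com'
    port: 389
    method: 'plain'
    bind_dn: 'CN=git,DC=testserver,DC=com'
    password: 'PLACEHOLDER'
    block_auto_created_users: false
    base: 'DC=testserver,DC=Com'
    user_filter: ''
    attributes:
      email: ['mail', 'email', 'userPrincipalName']
EOS

# Hypothetical helper: returns [provider, key, message] findings for an ldap_servers YAML string.
def audit_ldap_servers(yaml_text)
  servers = YAML.safe_load(yaml_text) || {}
  servers.flat_map do |provider, cfg|
    findings = []
    if cfg['method'].to_s == 'plain'
      findings << [provider, 'method', "bind password and user logins cross the network unencrypted on port #{cfg['port']}"]
    end
    if cfg['user_filter'].to_s.strip.empty?
      findings << [provider, 'user_filter', "every user under #{cfg['base']} can sign in"]
    end
    # Assumption: a missing key is treated the same as false.
    unless cfg['block_auto_created_users']
      findings << [provider, 'block_auto_created_users', 'first LDAP sign-in creates an active account with no admin review']
    end
    # GitLab trusts these attributes for identity; list them so directory ACLs can be checked.
    emails = Array(cfg.dig('attributes', 'email'))
    emails = %w[mail email userPrincipalName] if emails.empty? # the attributes named on this page
    findings << [provider, 'attributes.email', "confirm users cannot write: #{emails.join(', ')}"]
    findings
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_ldap_servers(SAMPLE_LDAP_SERVERS).each do |provider, key, msg|
    puts "[#{provider}] #{key}: #{msg}"
  end
end
```

The attributes.email finding is always reported, because whether users can write those attributes is decided by the directory's access controls and cannot be read from gitlab.rb.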