Gitlab Ldap Authentication Settings

Current environment:

  • Gitlab Server: Centos 6.5
  • Active Directory: Windows Server 2008 R2

Can anyone check these dummy settings for Ldap authentication in Gitlab 7.1.1?

    gitlab_rails['ldap_enabled'] = true
    gitlab_rails['ldap_host'] = 'myserver.dom.com.net'
    gitlab_rails['ldap_port'] = 389
    gitlab_rails['ldap_uid'] = 'sAMAccountName'
    gitlab_rails['ldap_method'] = 'plain' # 'ssl' or 'plain'
    gitlab_rails['ldap_bind_dn'] = 'OU=Users,DC=dom,DC=com,DC=net'
    gitlab_rails['ldap_password'] = '????'
    gitlab_rails['ldap_allow_username_or_email_login'] = true
    gitlab_rails['ldap_base'] = 'DC=dom,DC=com,DC=net'

What ldap_bind_dn must be set for Gitlab to work (equivalent to a user account)?

What ldap_password should be set for gitlab to work?

I followed the suggestions from @metaDiego and @heinglandreas. Both were on the right track. Therefore, I changed the settings in the lines:

Solution

    gitlab_rails['ldap_bind_dn'] = 'CN=the_allowed_user_for_access_ldap,OU=Users,DC=dom,DC=com,DC=net'
    gitlab_rails['ldap_password'] = 'the_password_of_allowed_user'

ldap_bind_dn may vary depending on the structure of AD and the current level at which the authorized user is located.

My company's AD does not allow anonymous LDAP requests. Therefore, the addition of these parameters was mandatory.

Get help from your domain administrators to obtain these options.

Useful Gitlabhq article on Github

If gitlab_rails['ldap_allow_username_or_email_login'] = true, the login can be in email format or just the domain user name.

Gitlab authentication form

+6
2 answers

ldap_bind_dn must be the DN of a user that has read access to LDAP. As far as I can see, you are pointing to a directory structure using OU=Users,DC=dom,DC=com,DC=net. You will need to use that user's password as ldap_password.

So ldap_bind_dn should read something like uid=userid,OU=Users,DC=com,DC=com,DC=net, and ldap_password should be the password of userid.

On some LDAP servers, ldap_bind_dn can be left blank because they allow anonymous binding. In this case, ldap_password should also be left blank.

Does that make sense? Otherwise, feel free to comment!

+3

I have a working GitLab LDAP conf, and the password field should match the bind_dn user that you selected.

    gitlab_rails['ldap_base'] = 'ou=somehting,dc=foo,dc=bar'
    gitlab_rails['ldap_bind_dn'] = 'uid=SOMEONE,ou=somehting,dc=foo,dc=bar'
    gitlab_rails['ldap_password'] = 'SOMEONE_PASSWORD'

  • ldap_base is the user search base

  • ldap_bind_dn is "a user on an external LDAP server that is allowed to search the LDAP directory within a specific search base."

  • ldap_password is the password for the bind_dn user. Therefore, in your case, it should match the password of the user in OU=Users.

+2
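
A lint for the bind settings discussed in the question and both answers, as an added example that is not part of the original posts or GitLab's own code. It flags a bind DN that names a container instead of a user entry, a bind DN and password that are not set together, and ldap_method 'plain', which sends the bind password without encryption; the function names and sample hashes are assumptions constructed for illustration.

```ruby
# Added example (not GitLab code): lint LDAP bind settings before reconfiguring.
CONTAINER_ATTRS = %w[OU DC O].freeze

# Split a DN into RDNs on commas that are not backslash-escaped.
def split_dn(dn)
  dn.to_s.split(/(?<!\\),/).map(&:strip)
end

# Return a list of findings; an empty list means nothing was flagged.
def lint_ldap(cfg)
  findings = []
  bind_dn  = cfg['ldap_bind_dn'].to_s.strip
  password = cfg['ldap_password'].to_s

  if bind_dn.empty? && password.empty?
    findings << 'anonymous bind: works only if the directory allows it'
  elsif bind_dn.empty? || password.empty?
    findings << 'ldap_bind_dn and ldap_password must be set together'
  end

  unless bind_dn.empty?
    # The leftmost RDN decides whether the DN names an entry or a container.
    attr, value = split_dn(bind_dn).first.to_s.split('=', 2)
    if value.nil? || value.empty?
      findings << 'ldap_bind_dn is not a valid DN'
    elsif CONTAINER_ATTRS.include?(attr.strip.upcase)
      findings << "ldap_bind_dn starts with #{attr}=, a container, not a user entry"
    end
  end

  if cfg['ldap_method'] == 'plain'
    findings << 'ldap_method plain: bind password is sent unencrypted'
  end
  findings
end

# Constructed sample input: the question's settings and the asker's fix.
QUESTION = {
  'ldap_method'   => 'plain',
  'ldap_bind_dn'  => 'OU=Users,DC=dom,DC=com,DC=net',
  'ldap_password' => '????'
}.freeze
FIXED = QUESTION.merge(
  'ldap_bind_dn'  => 'CN=the_allowed_user_for_access_ldap,OU=Users,DC=dom,DC=com,DC=net',
  'ldap_password' => 'the_password_of_allowed_user'
).freeze

puts 'question:', lint_ldap(QUESTION)
puts 'fixed:', lint_ldap(FIXED)
```

The fixed settings still produce the 'plain' finding, because the corrected bind DN does not change how the password travels to the directory.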

Source: https://habr.com/ru/post/973135/
