Commit 6885379574e797358e909c0ac2ee77479dce2b03
1 parent
d8d33681
Exists in
master
removing LDAP instructions
Showing
3 changed files
with
0 additions
and
154 deletions
Show diff stats
LDAP-INSTALL/base.ldif
| @@ -1,33 +0,0 @@ | @@ -1,33 +0,0 @@ | ||
| 1 | -dn: ou=Users,dc=colab,dc=dev | ||
| 2 | -objectClass: organizationalUnit | ||
| 3 | -ou: Users | ||
| 4 | - | ||
| 5 | -dn: uid=jsmith,ou=Users,dc=colab,dc=dev | ||
| 6 | -objectClass: organizationalPerson | ||
| 7 | -objectClass: person | ||
| 8 | -objectClass: top | ||
| 9 | -objectClass: inetOrgPerson | ||
| 10 | -objectClass: posixAccount | ||
| 11 | -objectClass: shadowAccount | ||
| 12 | -uid: jsmith | ||
| 13 | -sn: Smith | ||
| 14 | -givenName: John | ||
| 15 | -cn: John Smith | ||
| 16 | -displayName: John Smith | ||
| 17 | -uidNumber: 10000 | ||
| 18 | -gidNumber: 10000 | ||
| 19 | -userPassword: test | ||
| 20 | -gecos: John Smith | ||
| 21 | -loginShell: /bin/bash | ||
| 22 | -homeDirectory: /profiles/jsmith | ||
| 23 | -mail: gustmax@hotmail.com | ||
| 24 | -telephoneNumber: 000-000-0000 | ||
| 25 | -st: NY | ||
| 26 | -manager: uid=jsmith,ou=Users,dc=colab,dc=dev | ||
| 27 | -shadowExpire: -1 | ||
| 28 | -shadowFlag: 0 | ||
| 29 | -shadowWarning: 7 | ||
| 30 | -shadowMin: 8 | ||
| 31 | -shadowMax: 999999 | ||
| 32 | -shadowLastChange: 10877 | ||
| 33 | -title: System Administrator |
LDAP-INSTALL/index.ldif
LDAP-INSTALL/ldap_for_gitlab.md
| @@ -1,117 +0,0 @@ | @@ -1,117 +0,0 @@ | ||
| 1 | -[extracted from: https://gitlab.com/gitlab-org/cookbook-gitlab/blob/master/doc/open_LDAP.md] | ||
| 2 | -### Gitlab OpenLDAP setup | ||
| 3 | - | ||
| 4 | -#### Description | ||
| 5 | - | ||
| 6 | -This guide will help you setup OpenLDAP in case you need an LDAP server in your dev environment for GitLab. | ||
| 7 | - | ||
| 8 | -#### Setup | ||
| 9 | - | ||
| 10 | -install open ldap: | ||
| 11 | - | ||
| 12 | -```bash | ||
| 13 | -sudo apt-get install slapd ldap-utils -y | ||
| 14 | -``` | ||
| 15 | - | ||
| 16 | -This will prompt a setup window so we need to populate it with the correct credentials. | ||
| 17 | - | ||
| 18 | -When asked for administrator password use `colabldap`. | ||
| 19 | -Repeat the password to confirm it. | ||
| 20 | - | ||
| 21 | -We will use the advantage of slapd setup to fully configure LDAP instead of filling in the details by hand in a text file: | ||
| 22 | - | ||
| 23 | -```bash | ||
| 24 | -sudo dpkg-reconfigure slapd | ||
| 25 | -``` | ||
| 26 | -Answer the following questions: | ||
| 27 | - | ||
| 28 | -*You will be asked to omit OpenLDAP server configuration: `No` | ||
| 29 | -*Under DNS domain name fill in: `colab.dev` | ||
| 30 | -*Under organization name fill in: `colab.dev` | ||
| 31 | -*Under administrator password fill in: `colabldap` | ||
| 32 | -*Repeat password: `colabldap | ||
| 33 | -*Database backend to use, select: `HDB` | ||
| 34 | -*Do you want database to be removed when slapd is purged: `Yes` | ||
| 35 | -*Move old database, choose: `Yes` | ||
| 36 | -*Allow LDAPv2 protocol, choose: `No` | ||
| 37 | - | ||
| 38 | -** If at any point you get the error: ** | ||
| 39 | - | ||
| 40 | -``` | ||
| 41 | -ldap_bind: Invalid credentials (49) | ||
| 42 | -``` | ||
| 43 | - | ||
| 44 | -configure slapd again. | ||
| 45 | - | ||
| 46 | -Next, add index to make lookup easier, use the file index.ldif | ||
| 47 | - | ||
| 48 | -```bash | ||
| 49 | -sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f index.ldif | ||
| 50 | -``` | ||
| 51 | - | ||
| 52 | -This should produce the following output: | ||
| 53 | - | ||
| 54 | -``` | ||
| 55 | -modifying entry "olcDatabase={1}hdb,cn=config" | ||
| 56 | -``` | ||
| 57 | -If this is not the case recheck your steps and try again. | ||
| 58 | - | ||
| 59 | -You can verify that all is working: | ||
| 60 | - | ||
| 61 | -```bash | ||
| 62 | -sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase={1}hdb)' olcDbIndex | ||
| 63 | -``` | ||
| 64 | -This should produce the following output: | ||
| 65 | - | ||
| 66 | -``` | ||
| 67 | -dn: olcDatabase={1}hdb,cn=config | ||
| 68 | -olcDbIndex: objectClass eq | ||
| 69 | -olcDbIndex: uid eq,pres,sub | ||
| 70 | -``` | ||
| 71 | -If this is not the case recheck your steps and try again. | ||
| 72 | - | ||
| 73 | -Next step is to create an ldap user. | ||
| 74 | - | ||
| 75 | -Add the user to the LDAP database: | ||
| 76 | - | ||
| 77 | -```bash | ||
| 78 | -ldapadd -x -D cn=admin,dc=colab,dc=dev -w colabldap -f base.ldif | ||
| 79 | -``` | ||
| 80 | - | ||
| 81 | -This should produce the following output: | ||
| 82 | - | ||
| 83 | -``` | ||
| 84 | -adding new entry "ou=Users,dc=colab,dc=dev" | ||
| 85 | - | ||
| 86 | -adding new entry "uid=jsmith,ou=Users,dc=colab,dc=dev" | ||
| 87 | -``` | ||
| 88 | -If this is not the case recheck your steps and try again. | ||
| 89 | - | ||
| 90 | -To confirm that the user is in LDAP, use: | ||
| 91 | - | ||
| 92 | -```bash | ||
| 93 | -ldapsearch -x -LLL -b dc=colab,dc=dev 'uid=jsmith' uid uidNumber displayName | ||
| 94 | -``` | ||
| 95 | -and that should produce the output that looks like: | ||
| 96 | - | ||
| 97 | -``` | ||
| 98 | -dn: uid=jsmith,ou=Users,dc=colab,dc=dev | ||
| 99 | -uid: jsmith | ||
| 100 | -displayName: John Smith | ||
| 101 | -uidNumber: 10000 | ||
| 102 | -``` | ||
| 103 | -This would complete setting up the OpenLDAP server. Only thing that is left to do is to give the correct details to GitLab. | ||
| 104 | -Under `gitlab.yml` there is a LDAP section that should look like this: | ||
| 105 | - | ||
| 106 | -``` | ||
| 107 | - ## LDAP settings | ||
| 108 | - ldap: | ||
| 109 | - enabled: true | ||
| 110 | - host: 'colab.dev' | ||
| 111 | - base: 'dc=colab,dc=dev' | ||
| 112 | - port: 389 | ||
| 113 | - uid: 'uid' | ||
| 114 | - method: 'plain' # "ssl" or "plain" | ||
| 115 | - bind_dn: 'cn=admin,dc=colab,dc=dev' | ||
| 116 | - password: 'colabldap' | ||
| 117 | -``` |