Commit d41cf41bc31a39429c0b59d34d27d01dc04cbeac
1 parent
c2dec248
Exists in
master
LDAP Install Instructions for Gitlab
Showing
3 changed files
with
154 additions
and
0 deletions
Show diff stats
| ... | ... | @@ -0,0 +1,33 @@ |
| 1 | +dn: ou=Users,dc=colab,dc=dev | |
| 2 | +objectClass: organizationalUnit | |
| 3 | +ou: Users | |
| 4 | + | |
| 5 | +dn: uid=jsmith,ou=Users,dc=colab,dc=dev | |
| 6 | +objectClass: organizationalPerson | |
| 7 | +objectClass: person | |
| 8 | +objectClass: top | |
| 9 | +objectClass: inetOrgPerson | |
| 10 | +objectClass: posixAccount | |
| 11 | +objectClass: shadowAccount | |
| 12 | +uid: jsmith | |
| 13 | +sn: Smith | |
| 14 | +givenName: John | |
| 15 | +cn: John Smith | |
| 16 | +displayName: John Smith | |
| 17 | +uidNumber: 10000 | |
| 18 | +gidNumber: 10000 | |
| 19 | +userPassword: test | |
| 20 | +gecos: John Smith | |
| 21 | +loginShell: /bin/bash | |
| 22 | +homeDirectory: /profiles/jsmith | |
| 23 | +mail: gustmax@hotmail.com | |
| 24 | +telephoneNumber: 000-000-0000 | |
| 25 | +st: NY | |
| 26 | +manager: uid=jsmith,ou=Users,dc=colab,dc=dev | |
| 27 | +shadowExpire: -1 | |
| 28 | +shadowFlag: 0 | |
| 29 | +shadowWarning: 7 | |
| 30 | +shadowMin: 8 | |
| 31 | +shadowMax: 999999 | |
| 32 | +shadowLastChange: 10877 | |
| 33 | +title: System Administrator | ... | ... |
| ... | ... | @@ -0,0 +1,117 @@ |
| 1 | +[extracted from: https://gitlab.com/gitlab-org/cookbook-gitlab/blob/master/doc/open_LDAP.md] | |
| 2 | +### Gitlab OpenLDAP setup | |
| 3 | + | |
| 4 | +#### Description | |
| 5 | + | |
| 6 | +This guide will help you setup OpenLDAP in case you need an LDAP server in your dev environment for GitLab. | |
| 7 | + | |
| 8 | +#### Setup | |
| 9 | + | |
| 10 | +install open ldap: | |
| 11 | + | |
| 12 | +```bash | |
| 13 | +sudo apt-get install slapd ldap-utils -y | |
| 14 | +``` | |
| 15 | + | |
| 16 | +This will prompt a setup window so we need to populate it with the correct credentials. | |
| 17 | + | |
| 18 | +When asked for administrator password use `colabldap`. | |
| 19 | +Repeat the password to confirm it. | |
| 20 | + | |
| 21 | +We will use the advantage of slapd setup to fully configure LDAP instead of filling in the details by hand in a text file: | |
| 22 | + | |
| 23 | +```bash | |
| 24 | +sudo dpkg-reconfigure slapd | |
| 25 | +``` | |
| 26 | +Answer the following questions: | |
| 27 | + | |
| 28 | +*You will be asked to omit OpenLDAP server configuration: `No` | |
| 29 | +*Under DNS domain name fill in: `colab.dev` | |
| 30 | +*Under organization name fill in: `colab.dev` | |
| 31 | +*Under administrator password fill in: `colabldap` | |
| 32 | +*Repeat password: `colabldap | |
| 33 | +*Database backend to use, select: `HDB` | |
| 34 | +*Do you want database to be removed when slapd is purged: `Yes` | |
| 35 | +*Move old database, choose: `Yes` | |
| 36 | +*Allow LDAPv2 protocol, choose: `No` | |
| 37 | + | |
| 38 | +** If at any point you get the error: ** | |
| 39 | + | |
| 40 | +``` | |
| 41 | +ldap_bind: Invalid credentials (49) | |
| 42 | +``` | |
| 43 | + | |
| 44 | +configure slapd again. | |
| 45 | + | |
| 46 | +Next, add index to make lookup easier, use the file index.ldif | |
| 47 | + | |
| 48 | +```bash | |
| 49 | +sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f index.ldif | |
| 50 | +``` | |
| 51 | + | |
| 52 | +This should produce the following output: | |
| 53 | + | |
| 54 | +``` | |
| 55 | +modifying entry "olcDatabase={1}hdb,cn=config" | |
| 56 | +``` | |
| 57 | +If this is not the case recheck your steps and try again. | |
| 58 | + | |
| 59 | +You can verify that all is working: | |
| 60 | + | |
| 61 | +```bash | |
| 62 | +sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase={1}hdb)' olcDbIndex | |
| 63 | +``` | |
| 64 | +This should produce the following output: | |
| 65 | + | |
| 66 | +``` | |
| 67 | +dn: olcDatabase={1}hdb,cn=config | |
| 68 | +olcDbIndex: objectClass eq | |
| 69 | +olcDbIndex: uid eq,pres,sub | |
| 70 | +``` | |
| 71 | +If this is not the case recheck your steps and try again. | |
| 72 | + | |
| 73 | +Next step is to create an ldap user. | |
| 74 | + | |
| 75 | +Add the user to the LDAP database: | |
| 76 | + | |
| 77 | +```bash | |
| 78 | +ldapadd -x -D cn=admin,dc=colab,dc=dev -w colabldap -f base.ldif | |
| 79 | +``` | |
| 80 | + | |
| 81 | +This should produce the following output: | |
| 82 | + | |
| 83 | +``` | |
| 84 | +adding new entry "ou=Users,dc=colab,dc=dev" | |
| 85 | + | |
| 86 | +adding new entry "uid=jsmith,ou=Users,dc=colab,dc=dev" | |
| 87 | +``` | |
| 88 | +If this is not the case recheck your steps and try again. | |
| 89 | + | |
| 90 | +To confirm that the user is in LDAP, use: | |
| 91 | + | |
| 92 | +```bash | |
| 93 | +ldapsearch -x -LLL -b dc=colab,dc=dev 'uid=jsmith' uid uidNumber displayName | |
| 94 | +``` | |
| 95 | +and that should produce the output that looks like: | |
| 96 | + | |
| 97 | +``` | |
| 98 | +dn: uid=jsmith,ou=Users,dc=colab,dc=dev | |
| 99 | +uid: jsmith | |
| 100 | +displayName: John Smith | |
| 101 | +uidNumber: 10000 | |
| 102 | +``` | |
| 103 | +This would complete setting up the OpenLDAP server. Only thing that is left to do is to give the correct details to GitLab. | |
| 104 | +Under `gitlab.yml` there is a LDAP section that should look like this: | |
| 105 | + | |
| 106 | +``` | |
| 107 | + ## LDAP settings | |
| 108 | + ldap: | |
| 109 | + enabled: true | |
| 110 | + host: 'colab.dev' | |
| 111 | + base: 'dc=colab,dc=dev' | |
| 112 | + port: 389 | |
| 113 | + uid: 'uid' | |
| 114 | + method: 'plain' # "ssl" or "plain" | |
| 115 | + bind_dn: 'cn=admin,dc=colab,dc=dev' | |
| 116 | + password: 'colabldap' | |
| 117 | +``` | ... | ... |