Commit d41cf41bc31a39429c0b59d34d27d01dc04cbeac
1 parent c2dec248
Exists in master
LDAP Install Instructions for Gitlab
Showing 3 changed files with 154 additions and 0 deletions
... | ... | @@ -0,0 +1,33 @@ |
1 | +dn: ou=Users,dc=colab,dc=dev | |
2 | +objectClass: organizationalUnit | |
3 | +ou: Users | |
4 | + | |
5 | +dn: uid=jsmith,ou=Users,dc=colab,dc=dev | |
6 | +objectClass: organizationalPerson | |
7 | +objectClass: person | |
8 | +objectClass: top | |
9 | +objectClass: inetOrgPerson | |
10 | +objectClass: posixAccount | |
11 | +objectClass: shadowAccount | |
12 | +uid: jsmith | |
13 | +sn: Smith | |
14 | +givenName: John | |
15 | +cn: John Smith | |
16 | +displayName: John Smith | |
17 | +uidNumber: 10000 | |
18 | +gidNumber: 10000 | |
19 | +userPassword: test | |
20 | +gecos: John Smith | |
21 | +loginShell: /bin/bash | |
22 | +homeDirectory: /profiles/jsmith | |
23 | +mail: gustmax@hotmail.com | |
24 | +telephoneNumber: 000-000-0000 | |
25 | +st: NY | |
26 | +manager: uid=jsmith,ou=Users,dc=colab,dc=dev | |
27 | +shadowExpire: -1 | |
28 | +shadowFlag: 0 | |
29 | +shadowWarning: 7 | |
30 | +shadowMin: 8 | |
31 | +shadowMax: 999999 | |
32 | +shadowLastChange: 10877 | |
33 | +title: System Administrator | ... | ... |
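Review bot: line 19 stores `userPassword: test` as a cleartext, guessable value in a fixture the guide loads verbatim, so every directory built from this file has a working jsmith login with a known password; store an {SSHA} hash produced by slappasswd instead, or drop the attribute and set it with ldappasswd after the import. Line 23 gives the sample user what looks like a real hotmail.com mailbox, so a reserved address such as jsmith@example.com would keep notification mail from reaching a third party. Line 26 makes jsmith his own manager, which can go if nothing reads it.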
... | ... | @@ -0,0 +1,117 @@ |
1 | +[extracted from: https://gitlab.com/gitlab-org/cookbook-gitlab/blob/master/doc/open_LDAP.md] | |
2 | +### Gitlab OpenLDAP setup | |
3 | + | |
4 | +#### Description | |
5 | + | |
6 | +This guide will help you setup OpenLDAP in case you need an LDAP server in your dev environment for GitLab. | |
7 | + | |
8 | +#### Setup | |
9 | + | |
10 | +install open ldap: | |
11 | + | |
12 | +```bash | |
13 | +sudo apt-get install slapd ldap-utils -y | |
14 | +``` | |
15 | + | |
16 | +This will prompt a setup window so we need to populate it with the correct credentials. | |
17 | + | |
18 | +When asked for administrator password use `colabldap`. | |
19 | +Repeat the password to confirm it. | |
20 | + | |
21 | +We will use the advantage of slapd setup to fully configure LDAP instead of filling in the details by hand in a text file: | |
22 | + | |
23 | +```bash | |
24 | +sudo dpkg-reconfigure slapd | |
25 | +``` | |
26 | +Answer the following questions: | |
27 | + | |
28 | +*You will be asked to omit OpenLDAP server configuration: `No` | |
29 | +*Under DNS domain name fill in: `colab.dev` | |
30 | +*Under organization name fill in: `colab.dev` | |
31 | +*Under administrator password fill in: `colabldap` | |
32 | +*Repeat password: `colabldap | |
33 | +*Database backend to use, select: `HDB` | |
34 | +*Do you want database to be removed when slapd is purged: `Yes` | |
35 | +*Move old database, choose: `Yes` | |
36 | +*Allow LDAPv2 protocol, choose: `No` | |
37 | + | |
38 | +** If at any point you get the error: ** | |
39 | + | |
40 | +``` | |
41 | +ldap_bind: Invalid credentials (49) | |
42 | +``` | |
43 | + | |
44 | +configure slapd again. | |
45 | + | |
46 | +Next, add index to make lookup easier, use the file index.ldif | |
47 | + | |
48 | +```bash | |
49 | +sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f index.ldif | |
50 | +``` | |
51 | + | |
52 | +This should produce the following output: | |
53 | + | |
54 | +``` | |
55 | +modifying entry "olcDatabase={1}hdb,cn=config" | |
56 | +``` | |
57 | +If this is not the case recheck your steps and try again. | |
58 | + | |
59 | +You can verify that all is working: | |
60 | + | |
61 | +```bash | |
62 | +sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase={1}hdb)' olcDbIndex | |
63 | +``` | |
64 | +This should produce the following output: | |
65 | + | |
66 | +``` | |
67 | +dn: olcDatabase={1}hdb,cn=config | |
68 | +olcDbIndex: objectClass eq | |
69 | +olcDbIndex: uid eq,pres,sub | |
70 | +``` | |
71 | +If this is not the case recheck your steps and try again. | |
72 | + | |
73 | +Next step is to create an ldap user. | |
74 | + | |
75 | +Add the user to the LDAP database: | |
76 | + | |
77 | +```bash | |
78 | +ldapadd -x -D cn=admin,dc=colab,dc=dev -w colabldap -f base.ldif | |
79 | +``` | |
80 | + | |
81 | +This should produce the following output: | |
82 | + | |
83 | +``` | |
84 | +adding new entry "ou=Users,dc=colab,dc=dev" | |
85 | + | |
86 | +adding new entry "uid=jsmith,ou=Users,dc=colab,dc=dev" | |
87 | +``` | |
88 | +If this is not the case recheck your steps and try again. | |
89 | + | |
90 | +To confirm that the user is in LDAP, use: | |
91 | + | |
92 | +```bash | |
93 | +ldapsearch -x -LLL -b dc=colab,dc=dev 'uid=jsmith' uid uidNumber displayName | |
94 | +``` | |
95 | +and that should produce the output that looks like: | |
96 | + | |
97 | +``` | |
98 | +dn: uid=jsmith,ou=Users,dc=colab,dc=dev | |
99 | +uid: jsmith | |
100 | +displayName: John Smith | |
101 | +uidNumber: 10000 | |
102 | +``` | |
103 | +This would complete setting up the OpenLDAP server. Only thing that is left to do is to give the correct details to GitLab. | |
104 | +Under `gitlab.yml` there is a LDAP section that should look like this: | |
105 | + | |
106 | +``` | |
107 | + ## LDAP settings | |
108 | + ldap: | |
109 | + enabled: true | |
110 | + host: 'colab.dev' | |
111 | + base: 'dc=colab,dc=dev' | |
112 | + port: 389 | |
113 | + uid: 'uid' | |
114 | + method: 'plain' # "ssl" or "plain" | |
115 | + bind_dn: 'cn=admin,dc=colab,dc=dev' | |
116 | + password: 'colabldap' | |
117 | +``` | ... | ... |
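Review bot: the gitlab.yml block at lines 107-116 has GitLab bind as `cn=admin,dc=colab,dc=dev` with `method: 'plain'` on port 389, so the directory administrator password is sent unencrypted and GitLab holds write access it does not need for user lookups; add a dedicated read-only bind entry to the LDIF and use it for `bind_dn`, and either switch to the "ssl" method the comment on line 114 mentions or say next to the snippet that it is meant for the dev environment named in the Description only. Line 78 passes `-w colabldap` on the command line, which leaves the password in shell history and the process list; `-W` prompts for it instead. Markdown nits: line 32 is missing the closing backtick after `colabldap`, the bullets on lines 28-36 need a space after `*` to render as a list, and the `** ... **` on line 38 will not render as bold with the inner spaces.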