From d41cf41bc31a39429c0b59d34d27d01dc04cbeac Mon Sep 17 00:00:00 2001
From: Matheus Faria
Date: Wed, 16 Apr 2014 12:17:51 -0300
Subject: [PATCH] LDAP Install Instructions for Gitlab
---
LDAP-INSTALL/base.ldif | 33 +++++++++++++++++++++++++++++++++
LDAP-INSTALL/index.ldif | 4 ++++
LDAP-INSTALL/ldap_for_gitlab.md | 117 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 154 insertions(+), 0 deletions(-)
create mode 100644 LDAP-INSTALL/base.ldif
create mode 100644 LDAP-INSTALL/index.ldif
create mode 100644 LDAP-INSTALL/ldap_for_gitlab.md
diff --git a/LDAP-INSTALL/base.ldif b/LDAP-INSTALL/base.ldif
new file mode 100644
index 0000000..f93334c
--- /dev/null
+++ b/LDAP-INSTALL/base.ldif
@@ -0,0 +1,33 @@
+dn: ou=Users,dc=colab,dc=dev
+objectClass: organizationalUnit
+ou: Users
+
+dn: uid=jsmith,ou=Users,dc=colab,dc=dev
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+uid: jsmith
+sn: Smith
+givenName: John
+cn: John Smith
+displayName: John Smith
+uidNumber: 10000
+gidNumber: 10000
+userPassword: test
+gecos: John Smith
+loginShell: /bin/bash
+homeDirectory: /profiles/jsmith
+mail: gustmax@hotmail.com
+telephoneNumber: 000-000-0000
+st: NY
+manager: uid=jsmith,ou=Users,dc=colab,dc=dev
+shadowExpire: -1
+shadowFlag: 0
+shadowWarning: 7
+shadowMin: 8
+shadowMax: 999999
+shadowLastChange: 10877
+title: System Administrator
diff --git a/LDAP-INSTALL/index.ldif b/LDAP-INSTALL/index.ldif
new file mode 100644
index 0000000..08266a1
--- /dev/null
+++ b/LDAP-INSTALL/index.ldif
@@ -0,0 +1,4 @@
+dn: olcDatabase={1}hdb,cn=config
+changetype: modify
+add: olcDbIndex
+olcDbIndex: uid eq,pres,sub
diff --git a/LDAP-INSTALL/ldap_for_gitlab.md b/LDAP-INSTALL/ldap_for_gitlab.md
new file mode 100644
index 0000000..153f59d
--- /dev/null
+++ b/LDAP-INSTALL/ldap_for_gitlab.md
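Review bot: In LDAP-INSTALL/base.ldif the `jsmith` entry carries `userPassword: test` in cleartext and a `mail:` value at a public mail provider that looks like a real person's mailbox, and nothing in the file marks it as a throwaway fixture. LDIF accepts `#` comment lines, so I would open the file with `# Development fixture only - never load into a shared or production directory`, change the address to `mail: jsmith@example.com`, and store the password as a `{SSHA}` value produced by `slappasswd` rather than the literal. The same hard-coded-credential concern applies to the `colabldap` admin password that ldap_for_gitlab.md passes with `-w` and writes into `gitlab.yml` next to `method: 'plain'`; the guide should state that those values are for a local dev box only.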
@@ -0,0 +1,117 @@
+[extracted from: https://gitlab.com/gitlab-org/cookbook-gitlab/blob/master/doc/open_LDAP.md]
+### Gitlab OpenLDAP setup
+
+#### Description
+
+This guide will help you setup OpenLDAP in case you need an LDAP server in your dev environment for GitLab.
+
+#### Setup
+
+install open ldap:
+
+```bash
+sudo apt-get install slapd ldap-utils -y
+```
+
+This will prompt a setup window so we need to populate it with the correct credentials.
+
+When asked for administrator password use `colabldap`.
+Repeat the password to confirm it.
+
+We will use the advantage of slapd setup to fully configure LDAP instead of filling in the details by hand in a text file:
+
+```bash
+sudo dpkg-reconfigure slapd
+```
+Answer the following questions:
+
+*You will be asked to omit OpenLDAP server configuration: `No`
+*Under DNS domain name fill in: `colab.dev`
+*Under organization name fill in: `colab.dev`
+*Under administrator password fill in: `colabldap`
+*Repeat password: `colabldap
+*Database backend to use, select: `HDB`
+*Do you want database to be removed when slapd is purged: `Yes`
+*Move old database, choose: `Yes`
+*Allow LDAPv2 protocol, choose: `No`
+
+** If at any point you get the error: **
+
+```
+ldap_bind: Invalid credentials (49)
+```
+
+configure slapd again.
+
+Next, add index to make lookup easier, use the file index.ldif
+
+```bash
+sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f index.ldif
+```
+
+This should produce the following output:
+
+```
+modifying entry "olcDatabase={1}hdb,cn=config"
+```
+If this is not the case recheck your steps and try again.
+
+You can verify that all is working:
+
+```bash
+sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase={1}hdb)' olcDbIndex
+```
+This should produce the following output:
+
+```
+dn: olcDatabase={1}hdb,cn=config
+olcDbIndex: objectClass eq
+olcDbIndex: uid eq,pres,sub
+```
+If this is not the case recheck your steps and try again.
+
+Next step is to create an ldap user.
+
+Add the user to the LDAP database:
+
+```bash
+ldapadd -x -D cn=admin,dc=colab,dc=dev -w colabldap -f base.ldif
+```
+
+This should produce the following output:
+
+```
+adding new entry "ou=Users,dc=colab,dc=dev"
+
+adding new entry "uid=jsmith,ou=Users,dc=colab,dc=dev"
+```
+If this is not the case recheck your steps and try again.
+
+To confirm that the user is in LDAP, use:
+
+```bash
+ldapsearch -x -LLL -b dc=colab,dc=dev 'uid=jsmith' uid uidNumber displayName
+```
+and that should produce the output that looks like:
+
+```
+dn: uid=jsmith,ou=Users,dc=colab,dc=dev
+uid: jsmith
+displayName: John Smith
+uidNumber: 10000
+```
+This would complete setting up the OpenLDAP server. Only thing that is left to do is to give the correct details to GitLab.
+Under `gitlab.yml` there is a LDAP section that should look like this:
+
+```
+ ## LDAP settings
+ ldap:
+ enabled: true
+ host: 'colab.dev'
+ base: 'dc=colab,dc=dev'
+ port: 389
+ uid: 'uid'
+ method: 'plain' # "ssl" or "plain"
+ bind_dn: 'cn=admin,dc=colab,dc=dev'
+ password: 'colabldap'
+```
--
libgit2 0.21.2