Commit d41cf41bc31a39429c0b59d34d27d01dc04cbeac
1 parent c2dec248
Exists in master
LDAP Install Instructions for Gitlab
Showing 3 changed files with 154 additions and 0 deletions
| @@ -0,0 +1,33 @@ | @@ -0,0 +1,33 @@ | ||
| 1 | +dn: ou=Users,dc=colab,dc=dev | ||
| 2 | +objectClass: organizationalUnit | ||
| 3 | +ou: Users | ||
| 4 | + | ||
| 5 | +dn: uid=jsmith,ou=Users,dc=colab,dc=dev | ||
| 6 | +objectClass: organizationalPerson | ||
| 7 | +objectClass: person | ||
| 8 | +objectClass: top | ||
| 9 | +objectClass: inetOrgPerson | ||
| 10 | +objectClass: posixAccount | ||
| 11 | +objectClass: shadowAccount | ||
| 12 | +uid: jsmith | ||
| 13 | +sn: Smith | ||
| 14 | +givenName: John | ||
| 15 | +cn: John Smith | ||
| 16 | +displayName: John Smith | ||
| 17 | +uidNumber: 10000 | ||
| 18 | +gidNumber: 10000 | ||
| 19 | +userPassword: test | ||
| 20 | +gecos: John Smith | ||
| 21 | +loginShell: /bin/bash | ||
| 22 | +homeDirectory: /profiles/jsmith | ||
| 23 | +mail: gustmax@hotmail.com | ||
| 24 | +telephoneNumber: 000-000-0000 | ||
| 25 | +st: NY | ||
| 26 | +manager: uid=jsmith,ou=Users,dc=colab,dc=dev | ||
| 27 | +shadowExpire: -1 | ||
| 28 | +shadowFlag: 0 | ||
| 29 | +shadowWarning: 7 | ||
| 30 | +shadowMin: 8 | ||
| 31 | +shadowMax: 999999 | ||
| 32 | +shadowLastChange: 10877 | ||
| 33 | +title: System Administrator |
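Review bot: `userPassword: test` at line 19 puts a cleartext, guessable password in the user entry. Replace the value with an `{SSHA}` hash generated by `slappasswd`, and state in the accompanying doc that `jsmith` is a dev-only fixture account. `mail: gustmax@hotmail.com` at line 23 looks like a real personal mailbox; an address under `example.com` keeps any mail generated for this test user from being addressed to a third party. `manager:` at line 26 points at the entry's own DN and can be dropped if nothing depends on it.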
| @@ -0,0 +1,117 @@ | @@ -0,0 +1,117 @@ | ||
| 1 | +[extracted from: https://gitlab.com/gitlab-org/cookbook-gitlab/blob/master/doc/open_LDAP.md] | ||
| 2 | +### Gitlab OpenLDAP setup | ||
| 3 | + | ||
| 4 | +#### Description | ||
| 5 | + | ||
| 6 | +This guide will help you setup OpenLDAP in case you need an LDAP server in your dev environment for GitLab. | ||
| 7 | + | ||
| 8 | +#### Setup | ||
| 9 | + | ||
| 10 | +install open ldap: | ||
| 11 | + | ||
| 12 | +```bash | ||
| 13 | +sudo apt-get install slapd ldap-utils -y | ||
| 14 | +``` | ||
| 15 | + | ||
| 16 | +This will prompt a setup window so we need to populate it with the correct credentials. | ||
| 17 | + | ||
| 18 | +When asked for administrator password use `colabldap`. | ||
| 19 | +Repeat the password to confirm it. | ||
| 20 | + | ||
| 21 | +We will use the advantage of slapd setup to fully configure LDAP instead of filling in the details by hand in a text file: | ||
| 22 | + | ||
| 23 | +```bash | ||
| 24 | +sudo dpkg-reconfigure slapd | ||
| 25 | +``` | ||
| 26 | +Answer the following questions: | ||
| 27 | + | ||
| 28 | +*You will be asked to omit OpenLDAP server configuration: `No` | ||
| 29 | +*Under DNS domain name fill in: `colab.dev` | ||
| 30 | +*Under organization name fill in: `colab.dev` | ||
| 31 | +*Under administrator password fill in: `colabldap` | ||
| 32 | +*Repeat password: `colabldap | ||
| 33 | +*Database backend to use, select: `HDB` | ||
| 34 | +*Do you want database to be removed when slapd is purged: `Yes` | ||
| 35 | +*Move old database, choose: `Yes` | ||
| 36 | +*Allow LDAPv2 protocol, choose: `No` | ||
| 37 | + | ||
| 38 | +** If at any point you get the error: ** | ||
| 39 | + | ||
| 40 | +``` | ||
| 41 | +ldap_bind: Invalid credentials (49) | ||
| 42 | +``` | ||
| 43 | + | ||
| 44 | +configure slapd again. | ||
| 45 | + | ||
| 46 | +Next, add index to make lookup easier, use the file index.ldif | ||
| 47 | + | ||
| 48 | +```bash | ||
| 49 | +sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f index.ldif | ||
| 50 | +``` | ||
| 51 | + | ||
| 52 | +This should produce the following output: | ||
| 53 | + | ||
| 54 | +``` | ||
| 55 | +modifying entry "olcDatabase={1}hdb,cn=config" | ||
| 56 | +``` | ||
| 57 | +If this is not the case recheck your steps and try again. | ||
| 58 | + | ||
| 59 | +You can verify that all is working: | ||
| 60 | + | ||
| 61 | +```bash | ||
| 62 | +sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase={1}hdb)' olcDbIndex | ||
| 63 | +``` | ||
| 64 | +This should produce the following output: | ||
| 65 | + | ||
| 66 | +``` | ||
| 67 | +dn: olcDatabase={1}hdb,cn=config | ||
| 68 | +olcDbIndex: objectClass eq | ||
| 69 | +olcDbIndex: uid eq,pres,sub | ||
| 70 | +``` | ||
| 71 | +If this is not the case recheck your steps and try again. | ||
| 72 | + | ||
| 73 | +Next step is to create an ldap user. | ||
| 74 | + | ||
| 75 | +Add the user to the LDAP database: | ||
| 76 | + | ||
| 77 | +```bash | ||
| 78 | +ldapadd -x -D cn=admin,dc=colab,dc=dev -w colabldap -f base.ldif | ||
| 79 | +``` | ||
| 80 | + | ||
| 81 | +This should produce the following output: | ||
| 82 | + | ||
| 83 | +``` | ||
| 84 | +adding new entry "ou=Users,dc=colab,dc=dev" | ||
| 85 | + | ||
| 86 | +adding new entry "uid=jsmith,ou=Users,dc=colab,dc=dev" | ||
| 87 | +``` | ||
| 88 | +If this is not the case recheck your steps and try again. | ||
| 89 | + | ||
| 90 | +To confirm that the user is in LDAP, use: | ||
| 91 | + | ||
| 92 | +```bash | ||
| 93 | +ldapsearch -x -LLL -b dc=colab,dc=dev 'uid=jsmith' uid uidNumber displayName | ||
| 94 | +``` | ||
| 95 | +and that should produce the output that looks like: | ||
| 96 | + | ||
| 97 | +``` | ||
| 98 | +dn: uid=jsmith,ou=Users,dc=colab,dc=dev | ||
| 99 | +uid: jsmith | ||
| 100 | +displayName: John Smith | ||
| 101 | +uidNumber: 10000 | ||
| 102 | +``` | ||
| 103 | +This would complete setting up the OpenLDAP server. Only thing that is left to do is to give the correct details to GitLab. | ||
| 104 | +Under `gitlab.yml` there is a LDAP section that should look like this: | ||
| 105 | + | ||
| 106 | +``` | ||
| 107 | + ## LDAP settings | ||
| 108 | + ldap: | ||
| 109 | + enabled: true | ||
| 110 | + host: 'colab.dev' | ||
| 111 | + base: 'dc=colab,dc=dev' | ||
| 112 | + port: 389 | ||
| 113 | + uid: 'uid' | ||
| 114 | + method: 'plain' # "ssl" or "plain" | ||
| 115 | + bind_dn: 'cn=admin,dc=colab,dc=dev' | ||
| 116 | + password: 'colabldap' | ||
| 117 | +``` |
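Review bot: The `gitlab.yml` block at lines 107-116 has GitLab bind as `cn=admin,dc=colab,dc=dev` with `method: 'plain'` on port 389, so the directory administrator password is sent unencrypted and is stored in GitLab's config. The Description says this is for a dev environment, but the doc should say explicitly that these settings and the `colabldap` password must not be reused elsewhere, and it would be better to bind with a dedicated read-only account than with the admin DN. In the `ldapadd` step at line 78, `-w colabldap` leaves the password in shell history and the process list; `-W` prompts for it instead. Formatting: the answer list at lines 28-36 needs a space after each `*` to render as bullets, line 32 is missing the closing backtick after `colabldap`, and `** If at any point you get the error: **` at line 38 will not render as bold with spaces inside the markers.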