
Teach you step by step how to deploy LDAP in GitLab

PHPz (Original)
2023-04-03 11:53:01

GitLab is a code management tool that helps teams manage code efficiently and collaborate better. Within a team, different people sometimes need different permissions. In that case, LDAP is used to authenticate GitLab users. Next, let's learn how to deploy LDAP in GitLab.

1. Install the LDAP plug-in

First, you need to install the LDAP plug-in. After installing GitLab, enter the GitLab installation directory and install the LDAP dependency packages:

yum install openldap openldap-devel -y

After installing the dependency packages, we need to install GitLab's LDAP plug-in. First, enter the GitLab plug-in directory:

cd /usr/share/gitlab/lib/gitlab/auth/backends/

Then, we need to download the tar package of the LDAP plug-in:

sudo curl -o ldap.tar.gz 'https://gitlab.com/gitlab-org/gitlab-ce/repository/archive.tar.gz?ref=master'

Extract the tar package of the LDAP plug-in and overwrite the original file:

sudo tar -zxf ldap.tar.gz --strip-components 2 gitlab-ce-master/lib/gitlab/auth/backends/gitlab_ldap/

Re-execute the GitLab configuration:

sudo gitlab-ctl reconfigure

2. Configure LDAP

After installing the LDAP plug-in, we need to configure LDAP for GitLab. Open the GitLab configuration file and add the LDAP configuration content:

sudo vim /etc/gitlab/gitlab.rb

The main parameters we need to configure are as follows:

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is just a name; set it to suit your environment, and use the same name below
    label: 'LDAP'
    host: 'ldap.example.com' # LDAP server address
    port: 389 # LDAP server port
    uid: 'sAMAccountName' # attribute used when users log in
    block_auto_created_users: false # whether to block automatically created users
    bind_dn: 'CN=ldapuser,OU=Web Services,DC=example,DC=com' # LDAP administrator account
    password: 'yourpassword' # password of the LDAP administrator account
    encryption: 'plain' # encryption method, plain or tls
    base: 'CN=Users,DC=example,DC=com' # base DN for searches
    user_filter: '' # set a user filter rule as needed
EOS

After the configuration is completed, re-execute the GitLab configuration:

sudo gitlab-ctl reconfigure
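
As an added example (not from the original article or from GitLab), this Ruby sketch audits the `ldap_servers` settings shown above for weak values and compares them with a hardened variant. The hardened values assume the directory supports StartTLS on port 389; the `gitlab-users` group and the finding names are hypothetical.

```ruby
require 'yaml'

# Constructed sample: the ldap_servers block from the tutorial's gitlab.rb
# (placeholder host, DN and password).
TUTORIAL = <<~'EOS'
  main:
    host: 'ldap.example.com'
    port: 389
    uid: 'sAMAccountName'
    block_auto_created_users: false
    bind_dn: 'CN=ldapuser,OU=Web Services,DC=example,DC=com'
    password: 'yourpassword'
    encryption: 'plain'
    base: 'CN=Users,DC=example,DC=com'
    user_filter: ''
EOS

# Hardened variant. Assumptions: the directory supports StartTLS on 389 and
# a group CN=gitlab-users exists (hypothetical name) to scope who may sign in.
HARDENED = TUTORIAL
  .sub("encryption: 'plain'", "encryption: 'start_tls'\n  verify_certificates: true")
  .sub("user_filter: ''", "user_filter: '(memberOf=CN=gitlab-users,CN=Users,DC=example,DC=com)'")
  .sub('block_auto_created_users: false', 'block_auto_created_users: true')

# Returns an array of [server_name, finding_id] pairs for settings to review.
def audit_ldap(yaml_text)
  findings = []
  YAML.safe_load(yaml_text).each do |name, s|
    if s['encryption'] == 'plain'
      findings << [name, :cleartext_bind]   # bind and user passwords cross the network unencrypted
    elsif s['verify_certificates'] == false
      findings << [name, :tls_unverified]   # TLS without validating the server certificate
    end
    findings << [name, :no_user_filter] if s['user_filter'].to_s.strip.empty?
    findings << [name, :auto_created_users_active] if s['block_auto_created_users'] == false
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  { 'tutorial' => TUTORIAL, 'hardened' => HARDENED }.each do |label, cfg|
    puts "#{label}: #{audit_ldap(cfg).inspect}"
  end
end
```

Whether `:auto_created_users_active` is acceptable is a policy decision; the other findings affect who can read or replay the bind credentials and who can sign in.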

3. Test the LDAP connection

After configuring LDAP, we need to test whether the LDAP connection is successful. First, we need to create a test account on LDAP, for example: testuser.

Use the ldapsearch command on the GitLab server to test the LDAP connection, for example:

ldapsearch -H ldap://ldap.example.com -x -b "CN=Users,DC=example,DC=com" -D "CN=ldapuser,OU=Web Services,DC=example,DC=com" -w 'yourpassword'

If the connection is successful, we can view the user information in LDAP, for example:

# testuser, Users, example.com
dn: CN=testuser,CN=Users,DC=example,DC=com
objectClass: top
objectClass: person
...

If output like the above appears, the connection is successful.

4. Enable LDAP in GitLab

After the LDAP connection is successful, we need to enable LDAP in GitLab. After LDAP is enabled, each LDAP user can log in to GitLab and use the permissions granted to them.

In the GitLab user panel, click "Administrator area" -> "Settings" -> "LDAP", and then enable the LDAP option.

The main parameters we need to configure are as follows:

  • "Host": LDAP server address
  • "Port": LDAP server port
  • "Base": LDAP's base DN

Depending on your environment, you can also change the attribute name used at login and add custom rules to the LDAP filter to restrict access to specific users.

5. Summary

This article has shown how to deploy LDAP in GitLab. Enabling LDAP in GitLab makes it possible to manage the team's users effectively and provides a good foundation for future development work.
