Configuring LDAP (Active Directory) authentication in GitLab


gitlab_rails['ldap_enabled'] = true
###! **remember to close this block with 'EOS' below**
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
 main:
  label: 'Active Directory'
  host: 'xxx.bbb.com'
  port: 389
  uid: 'sAMAccountName'
  bind_dn: 'username@xxx.bbb.com'
  password: '123456'
  # 'plain' sends the bind password and user logins over the network unencrypted
  encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
  # verify_certificates: true
  active_directory: true
  allow_username_or_email_login: true
  # lowercase_usernames: false
  block_auto_created_users: false
  base: 'dc=xxx,dc=bbb,dc=com'
  user_filter: ''
EOS

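Note that main is preceded by one space, the settings under main are preceded by two spaces, and EOS has no leading space.
After editing the configuration, reload it:
gitlab-ctl reconfigure
Test whether user information can be retrieved:
gitlab-rake gitlab:ldap:check
If no error is reported, the configuration is correct.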

You may run into an error like this during configuration:
Server: ldapmain
LDAP authentication... Failed. Check `bind_dn` and `password` configuration values
LDAP users with access to your GitLab server (only showing the first 100 results)

Checking LDAP ... Finished
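You can test with the following command: if it returns the user's information, the settings are fine; if not, adjust the configuration parameters.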
ldapsearch -H ldap://xxx.bbb.com -x -W -D "username@xxx.bbb.com" -b "dc=xxx,dc=bbb,dc=com" "(sAMAccountName=username)"
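
The following Ruby check is an added example, not part of the original post or of GitLab: it parses the YAML text that sits between <<-'EOS' and EOS and reports settings that weaken the directory link, such as the 'plain' encryption used in the configuration above. The helper name audit_ldap_servers, the finding names and both sample blocks are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample: the security-relevant keys of the server block shown above
# (host is the page's placeholder).
WEAK_BLOCK = <<~'EOS'
  main:
    host: 'xxx.bbb.com'
    port: 389
    encryption: 'plain'
    block_auto_created_users: false
    user_filter: ''
EOS

# Constructed counterpart: LDAPS with certificate verification, new users held for approval.
HARDENED_BLOCK = <<~'EOS'
  main:
    host: 'xxx.bbb.com'
    port: 636
    encryption: 'simple_tls'
    verify_certificates: true
    block_auto_created_users: true
    user_filter: ''
EOS

# audit_ldap_servers is a hypothetical helper, not part of GitLab.
# Returns { server_id => [finding symbols] } for each server in the YAML text.
def audit_ldap_servers(yaml_text)
  (YAML.safe_load(yaml_text) || {}).each_with_object({}) do |(id, cfg), out|
    cfg ||= {}
    enc = cfg['encryption'].to_s
    tls = %w[start_tls simple_tls].include?(enc)
    findings = []
    # Without TLS the bind_dn password and every user's login cross the network in cleartext.
    findings << :cleartext_bind unless tls
    # TLS with verification switched off does not authenticate the directory server.
    findings << :unverified_certificate if tls && cfg['verify_certificates'] == false
    # Conventional pairings: 636 for simple_tls, 389 for plain and start_tls.
    findings << :port_encryption_mismatch if (enc == 'simple_tls') != (cfg['port'] == 636)
    # An empty filter with auto-created users left unblocked admits every account under base.
    if cfg['user_filter'].to_s.strip.empty? && cfg['block_auto_created_users'] == false
      findings << :open_enrollment
    end
    out[id] = findings
  end
end

puts audit_ldap_servers(WEAK_BLOCK).inspect if __FILE__ == $PROGRAM_NAME
```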

