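Integrating GitLab with FreeIPA
Using the configuration from the official documentation produces the following error:
The configuration file must be set up as follows, otherwise an error is reported: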
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main:
    label: 'LDAP'
    host: 'ipa.bloodzer0.com'
    port: 389
    uid: 'uid'
    # Bind DN and search base both point at the compat tree
    bind_dn: 'uid=admin,cn=users,cn=compat,dc=bloodzer0,dc=com'
    password: 'password2'
    # No TLS: the bind password and user logins cross port 389 in cleartext
    encryption: 'plain'
    active_directory: true
    allow_username_or_email_login: false
    lowercase_usernames: false
    block_auto_created_users: false
    base: 'cn=users,cn=compat,dc=bloodzer0,dc=com'
    # Empty filter: every user entry under base can sign in
    user_filter: ''
EOS
gitlab-ctl reconfigure
gitlab-ctl restart
Integrating GitLab with FreeIPA and configuring access control
In FreeIPA, add a group and add a user.
Change the GitLab configuration as follows:
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main:
    label: 'LDAP'
    host: 'ipa.bloodzer0.com'
    port: 389
    uid: 'uid'
    # Bind DN and search base now point at the accounts tree
    bind_dn: 'uid=admin,cn=users,cn=accounts,dc=bloodzer0,dc=com'
    password: 'password2'
    encryption: 'plain'
    active_directory: true
    allow_username_or_email_login: false
    lowercase_usernames: false
    block_auto_created_users: false
    base: 'cn=users,cn=accounts,dc=bloodzer0,dc=com'
    # Only members of the gitlab_user group match, so only they can sign in
    user_filter: '(memberOf=cn=gitlab_user,cn=groups,cn=accounts,dc=bloodzer0,dc=com)'
EOS
At this point, users in the LDAP group can log in to GitLab.
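
A check that can be run against the ldap_servers YAML before gitlab-ctl reconfigure, added here as an example and not taken from the original page or from GitLab. The helper name lint_ldap_servers is hypothetical, and the sample is a constructed copy of the second configuration with a misspelled boolean (ture), which YAML silently loads as a string.

```ruby
require 'yaml'

# Constructed sample: the group-restricted configuration from this page,
# with a misspelled boolean (ture) to show how YAML treats it.
SAMPLE = <<~'EOS'
  main:
    host: 'ipa.bloodzer0.com'
    port: 389
    uid: 'uid'
    bind_dn: 'uid=admin,cn=users,cn=accounts,dc=bloodzer0,dc=com'
    password: 'password2'
    encryption: 'plain'
    active_directory: ture
    block_auto_created_users: false
    base: 'cn=users,cn=accounts,dc=bloodzer0,dc=com'
    user_filter: '(memberOf=cn=gitlab_user,cn=groups,cn=accounts,dc=bloodzer0,dc=com)'
EOS

BOOLEAN_KEYS = %w[active_directory allow_username_or_email_login
                  lowercase_usernames block_auto_created_users].freeze

# Hypothetical helper: returns one "server: finding" string per issue found.
def lint_ldap_servers(yaml_text)
  findings = []
  YAML.safe_load(yaml_text).each do |name, cfg|
    BOOLEAN_KEYS.each do |key|
      value = cfg[key]
      next if value.nil? || value == true || value == false
      findings << "#{name}: #{key} is #{value.inspect}, not a boolean"
    end
    if cfg['encryption'] == 'plain'
      findings << "#{name}: encryption is 'plain', bind password and logins are sent unencrypted"
    end
    if cfg['user_filter'].to_s.strip.empty?
      findings << "#{name}: user_filter is empty, every entry under base can sign in"
    end
    if cfg['block_auto_created_users'] == false
      findings << "#{name}: block_auto_created_users is false, new LDAP users are active without admin approval"
    end
    if cfg['bind_dn'].to_s =~ /\Auid=admin,/i
      findings << "#{name}: bind_dn is the admin account, a read-only service account is enough for lookups"
    end
  end
  findings
end

puts lint_ldap_servers(SAMPLE) if $PROGRAM_NAME == __FILE__
```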