
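Integrating GitLab with FreeIPA

Installing GitLab on CentOS 7

Installing FreeIPA on CentOS 7

GitLab official configuration file

Following the configuration from the official documentation produces the following error: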

[Image: gitlab_ldap_1]

The configuration file must be set up as follows, otherwise the error occurs:

gitlab_rails['ldap_enabled'] = true

gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main:
    label: 'LDAP'
    host: 'ipa.bloodzer0.com'
    port: 389
    uid: 'uid'
    bind_dn: 'uid=admin,cn=users,cn=compat,dc=bloodzer0,dc=com'
    password: 'password2'
    encryption: 'plain'  # no TLS: bind and login passwords are sent unencrypted
    active_directory: true
    allow_username_or_email_login: false
    lowercase_usernames: false
    block_auto_created_users: false
    base: 'cn=users,cn=compat,dc=bloodzer0,dc=com'
    user_filter: ''
EOS

Then apply the configuration and restart GitLab:

gitlab-ctl reconfigure
gitlab-ctl restart

Integrating GitLab with FreeIPA with access control

Add a group in FreeIPA and add a user to it

[Image: gitlab_ldap_2]

Modify the GitLab configuration as follows:

gitlab_rails['ldap_enabled'] = true

gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main:
    label: 'LDAP'
    host: 'ipa.bloodzer0.com'
    port: 389
    uid: 'uid'
    bind_dn: 'uid=admin,cn=users,cn=accounts,dc=bloodzer0,dc=com'
    password: 'password2'
    encryption: 'plain'  # no TLS: bind and login passwords are sent unencrypted
    active_directory: true
    allow_username_or_email_login: false
    lowercase_usernames: false
    block_auto_created_users: false
    base: 'cn=users,cn=accounts,dc=bloodzer0,dc=com'
    # Only members of the gitlab_user group match this filter
    user_filter: '(memberOf=cn=gitlab_user,cn=groups,cn=accounts,dc=bloodzer0,dc=com)'
EOS

At this point, users in the LDAP group can log in to GitLab.

[Image: gitlab_ldap_3]
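
As an added example (not code from the original page or from GitLab), this Ruby script lints an `ldap_servers` YAML block like the ones above before `gitlab-ctl reconfigure` is run. The embedded sample is constructed from this page's configuration; `lint_ldap_servers`, its key list and its checks are assumptions of this example.

```ruby
require 'yaml'

# Constructed sample: this page's LDAP block, including a misspelled boolean.
SAMPLE = <<~'EOS'
  main:
    label: 'LDAP'
    host: 'ipa.bloodzer0.com'
    port: 389
    uid: 'uid'
    bind_dn: 'uid=admin,cn=users,cn=accounts,dc=bloodzer0,dc=com'
    password: 'password2'
    encryption: 'plain'
    active_directory: ture
    base: 'cn=users,cn=accounts,dc=bloodzer0,dc=com'
    user_filter: ''
EOS

BOOLEAN_KEYS = %w[active_directory allow_username_or_email_login
                  lowercase_usernames block_auto_created_users].freeze

# Hypothetical helper: returns "server: finding" strings for one YAML document.
def lint_ldap_servers(yaml_text)
  findings = []
  YAML.safe_load(yaml_text).each do |name, cfg|
    BOOLEAN_KEYS.each do |key|
      # A misspelling such as `ture` parses as a String, not a boolean.
      next if !cfg.key?(key) || [true, false].include?(cfg[key])
      findings << "#{name}: #{key} is #{cfg[key].inspect}, not a YAML boolean"
    end
    if cfg['encryption'] == 'plain'
      findings << "#{name}: encryption 'plain' sends bind and login passwords in cleartext"
    end
    # Heuristic (assumption of this example): flag binding as the admin account.
    if cfg['bind_dn'].to_s.match?(/\Auid=admin,/i)
      findings << "#{name}: bind_dn is the admin account; use a dedicated read-only bind user"
    end
    if cfg['user_filter'].to_s.strip.empty?
      findings << "#{name}: user_filter is empty; login is not restricted to a group"
    end
  end
  findings
end

puts lint_ldap_servers(SAMPLE) if $PROGRAM_NAME == __FILE__
```
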