Set up LDAP authentication for Gitlab CE. This article shows you how to configure Gitlab CE to authenticate against an LDAP system.
If you’re just using Gitlab yourself or with a group of friends, you won’t need LDAP.
However, for many companies, centralized authentication is quite important. In this article, I use the Zimbra LDAP system, which is similar to OpenLDAP or AD systems.
Set up LDAP authentication for Gitlab CE

Open the Gitlab configuration file.
nano /etc/gitlab/gitlab.rb
Find the LDAP configuration section.
### LDAP Settings
###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
###! **Be careful not to break the indentation in the ldap_servers block. It is
###! in yaml format and the spaces must be retained. Using tabs will not work.**
Edit the lines with the following content. The text after the # sign on each line is a comment.
gitlab_rails['ldap_enabled'] = true # Enable LDAP authentication
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # Start the LDAP setup block
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP' # Label shown on the login tab in the web interface
    host: 'ldap.yourdomain.com' # Domain name or IP address of the LDAP server
    port: 389 # LDAP connection port
    uid: 'uid' # LDAP attribute used as the login name (user ID)
    encryption: 'plain' # "start_tls" or "simple_tls" or "plain"; "plain" sends credentials unencrypted
    active_directory: false # Do not use AD
    allow_username_or_email_login: false # Only allow login with UID (do not use email address)
    lowercase_usernames: true # Convert the entered UID to lowercase
    block_auto_created_users: false # Do not block automatically created users
    base: 'ou=people,dc=yourdomain,dc=com' # Base DN under which users are searched
    user_filter: '(objectclass=inetOrgPerson)' # User filter conditions
    attributes: # Declare the user attribute mapping [ Gitlab = LDAP ]
      username: ['uid', 'uid'] # Mapping username = uid
      email: ['mail', 'email'] # Mapping email = mail, then email
      name: 'cn' # Mapping name = cn
      first_name: 'givenName' # Mapping first_name = givenName
      last_name: 'sn' # Mapping last_name = sn
EOS
Note that the configuration lines are inside the EOS block. Save the changed file.
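Before applying the file, the ldap_servers block can be checked offline for the indentation problems the comment above warns about and for weak settings. This Ruby script is an added example, not part of the original article or of GitLab; the name audit_ldap_block and the findings it reports are assumptions chosen here, and the sample block is constructed from the settings shown above.

```ruby
require 'yaml'

# Constructed sample: a subset of the ldap_servers settings used on this page.
PAGE_BLOCK = <<~'EOS'
  main:
    label: 'LDAP'
    host: 'ldap.yourdomain.com'
    port: 389
    uid: 'uid'
    encryption: 'plain'
    base: 'ou=people,dc=yourdomain,dc=com'
    block_auto_created_users: false
EOS

REQUIRED = %w[host port uid encryption base].freeze
VALID_ENCRYPTION = %w[start_tls simple_tls plain].freeze

# Hypothetical helper (not a GitLab tool): returns a list of findings
# for the YAML text that sits between the EOS markers in gitlab.rb.
def audit_ldap_block(text)
  return ['tab character in block: YAML indentation must use spaces'] if text.include?("\t")
  begin
    servers = YAML.safe_load(text)
  rescue Psych::SyntaxError => e
    return ["YAML does not parse: #{e.message}"]
  end
  return ['block is not a mapping of provider IDs'] unless servers.is_a?(Hash)

  servers.flat_map do |id, cfg|
    next ["#{id}: settings are not nested under the provider ID (indentation lost?)"] unless cfg.is_a?(Hash)
    out = (REQUIRED - cfg.keys).map { |k| "#{id}: missing '#{k}'" }
    enc = cfg['encryption']
    out << "#{id}: unknown encryption #{enc.inspect}" if enc && !VALID_ENCRYPTION.include?(enc)
    out << "#{id}: encryption 'plain' sends bind passwords unencrypted" if enc == 'plain'
    out << "#{id}: simple_tls normally uses port 636, not #{cfg['port']}" if enc == 'simple_tls' && cfg['port'] == 389
    out << "#{id}: new LDAP users are active immediately (block_auto_created_users: false)" if cfg['block_auto_created_users'] == false
    out
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_ldap_block(PAGE_BLOCK).each { |finding| puts finding }
end
```

With the page's settings it reports the 'plain' encryption and the unblocked auto-created users; switching to 'start_tls' and block_auto_created_users: true clears both findings.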
Test the LDAP connection
Now apply the new configuration to the Gitlab server.
gitlab-ctl reconfigure
Restart the service.
gitlab-ctl restart
Finally, check the connection to LDAP with the following command.
gitlab-rake gitlab:ldap:check
Conclusion
After performing the above steps successfully, you have set up LDAP authentication for your internal Gitlab system. When you log in on the website, you will see an additional login tab labelled LDAP.