Set up LDAP authentication for Gitlab CE

by Daniel Pham
Published: Updated:
This entry is part 2 of 9 in the series Install Gitlab CE on Ubuntu 18

Set up LDAP authentication for Gitlab CE. This article will show you how to configure Gitlab CE to authenticate with the LDAP system.

If you’re just using yourself or your group of friends, you won’t need LDAP.

However, for many companies, centralized authentication is quite important. In the article, I use the Zimbra LDAP system, similar OpenLDAP or AD systems.

Set up LDAP authentication for Gitlab CE

Set up LDAP authentication for Gitlab CE
Set up LDAP authentication for Gitlab CE.

Open the gitlab configuration file.

nano /etc/gitlab/gitlab.rb

You find the LDAP configuration section.

### LDAP Settings
###! Docs:
###! **Be careful not to break the indentation in the ldap_servers block. It is
###!   in yaml format and the spaces must be retained. Using tabs will not work.**

Edit the lines with the following content. The content after the # sign is the line comment.

gitlab_rails['ldap_enabled'] = true                 # Enable ldap authentication

gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'   # Start the LDAP setup block
   main:                                            # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'LDAP'                                  # The label displays the login tab in the web interface
     host: ''                    # Domain hoặc địa chỉ IP máy chủ LDAP
     port: 389                                      # LDAP connection port
     uid: 'uid'                                     # Mapping UID (User ID)
     encryption: 'plain'                            # "start_tls" or "simple_tls" or "plain"
     active_directory: false                        # Do not use AD
     allow_username_or_email_login: false           # Only allow login with UID (do not use email address)
     lowercase_usernames: true                      # Convert the entered UID content to lowercase
     block_auto_created_users: false                # Block automatically creates users
     base: 'ou=people,dc=yourdomain,dc=com'         # Browse the domain containing the user on LDAP
     user_filter: '(objectclass=inetOrgPerson)'     # User filter conditions
     attributes:                                    # Declare the mapping user attribute [ Gitlab = LDAP ]
       username: ['uid', 'uid']                     # Mapping uid = uid
       email:    ['mail', 'email']                  # Mapping mail = email
       name:       'cn'                             # Mapping name = cn
       first_name: 'givenName'                      # Mapping first_name = givenName
       last_name:  'sn'                             # Mapping last_name = sn

Note that the configuration lines are inside the EOS block. You save the changed file again.

Test the LDAP connection

Now, you apply the new configurations to the Gitlab server.

gitlab-ctl reconfigure

Restart the service.

gitlab-ctl restart

Finally, you check the connection to LDAP through the following command.

gitlab-rake gitlab:ldap:check


After performing the above steps successfully, you have set up LDAP authentication for your internal gitlab system. When you log in on the website, you will see an additional login tab label called LDAP.

0 0 votes
Article Rating
Series Navigation«« Previous part: Install Gitlab CE on Ubuntu 18.04Next part: Set up SMTP mail for Gitlab CE »»

You may also like

Notify of
Inline Feedbacks
View all comments

DevOps Lite is a personal blog specializing in technology with main topics about DevOps, DevSecOps, SRE and System Administrator. Articles are shared for free and contributed to the community.



Subscribe my Newsletter for new blog posts. Stay updated from your inbox!

© 2021-2024 – All rights reserved.

Please write sources “” when using articles from this website.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Would love your thoughts, please comment.x

Adblock Detected

Please support us by disabling your AdBlocker extension from your browsers for our website.