GitLab installation
1
2
3
|
yum install -y curl policycoreutils-python openssh-server openssh-clients
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
sudo EXTERNAL_URL="https://gitlab.dianduidian.com" yum install -y gitlab-ce
|
Integrating LDAP authentication
vim /etc/gitlab/gitlab.rb
```ruby
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: 'ldap.dianduidian.com'
    port: 389
    # Attribute used to obtain the username
    uid: 'cn'
    bind_dn: 'cn=readonly,dc=dianduidian,dc=com'
    password: '888888'
    # 'plain' sends the bind password and user credentials unencrypted;
    # 'start_tls' or 'simple_tls' protects them in transit
    encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
    # verify_certificates: true
    # smartcard_auth: false
    # active_directory: true
    # allow_username_or_email_login: false
    # lowercase_usernames: false
    # block_auto_created_users: false
    base: 'ou=people,dc=dianduidian,dc=com'
    # Restrict access to a specific group via the memberOf attribute;
    # requires the memberOf feature to be enabled on the LDAP server
    user_filter: '(memberOf=cn=gitlab,ou=system,dc=dianduidian,dc=com)'
    # ## EE only
    # group_base: ''
    # admin_group: ''
    # sync_ssh_keys: false
EOS
```
Run `gitlab-ctl reconfigure` to apply the configuration.
Run `gitlab-rake gitlab:ldap:check` to verify that LDAP user information can be retrieved.
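As an added example (not from the original post and not GitLab's own code), the Ruby sketch below lints an `ldap_servers` YAML block for the transport, credential and access-filter settings this page configures. The helper `audit_ldap_servers`, the two constants and the password heuristic are assumptions made for illustration; the hardened variant is a constructed sample with a placeholder password.

```ruby
require 'yaml'

# Constructed samples: the LDAP block from this page and a hardened variant.
PAGE_CONFIG = <<~'EOS'
  main:
    host: 'ldap.dianduidian.com'
    port: 389
    uid: 'cn'
    bind_dn: 'cn=readonly,dc=dianduidian,dc=com'
    password: '888888'
    encryption: 'plain'
    base: 'ou=people,dc=dianduidian,dc=com'
    user_filter: '(memberOf=cn=gitlab,ou=system,dc=dianduidian,dc=com)'
EOS

HARDENED_CONFIG = <<~'EOS'
  main:
    host: 'ldap.dianduidian.com'
    port: 636
    uid: 'cn'
    bind_dn: 'cn=readonly,dc=dianduidian,dc=com'
    password: 'PLACEHOLDER-long-random-secret'
    encryption: 'simple_tls'
    verify_certificates: true
    base: 'ou=people,dc=dianduidian,dc=com'
    user_filter: '(memberOf=cn=gitlab,ou=system,dc=dianduidian,dc=com)'
EOS

# Hypothetical helper: returns one "provider: finding" string per weak setting.
def audit_ldap_servers(yaml_text)
  findings = []
  YAML.safe_load(yaml_text).each do |id, s|
    enc = s['encryption'].to_s
    findings << "#{id}: encryption 'plain' sends bind and user passwords in cleartext" if enc == 'plain'
    if %w[start_tls simple_tls].include?(enc) && s['verify_certificates'] == false
      findings << "#{id}: verify_certificates is false, the LDAP server is not authenticated"
    end
    findings << "#{id}: simple_tls normally uses port 636, not 389" if enc == 'simple_tls' && s['port'] == 389
    pw = s['password'].to_s
    # Heuristic only (an assumption of this example): short or digits-only passwords.
    findings << "#{id}: bind password is short or all digits" if pw.length < 12 || pw.match?(/\A\d+\z/)
    findings << "#{id}: no user_filter, every entry under base can sign in" if s['user_filter'].to_s.strip.empty?
  end
  findings
end

puts audit_ldap_servers(PAGE_CONFIG) if __FILE__ == $PROGRAM_NAME
```

Paste the YAML body of your own `gitlab_rails['ldap_servers']` heredoc into the helper before running `gitlab-ctl reconfigure`; an empty result means none of these checks fired.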
References
https://docs.gitlab.com/ee/administration/auth/ldap/