Instructions
This guide assumes that you have configured FreeIPA (default) and GitLab (Omnibus).
Set-up
Here’s what works:
- name, username, password
- sync updates from LDAP
- email should be set after first login via LDAP
1) FreeIPA
- Add a new user, ex.: ‘crowd’ and assign a password
- Make sure the user is in the group ‘ipausers’
2) GitLab
Open the config

    nano /etc/gitlab/gitlab.rb

and look for the following section, and adjust accordingly. The YAML between the EOS markers must keep its indentation.

    gitlab_rails['ldap_enabled'] = true
    gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
      main: # 'main' is the GitLab 'provider ID' of this LDAP server
        label: 'LDAP'
        host: 'ipa.domain.com'
        port: 389
        uid: 'uid'
        bind_dn: 'uid=[new IPA user, ex.: crowd],cn=users,cn=accounts,dc=domain,dc=com'
        password: '[password of new IPA user]'
        # 'plain' sends the bind password and every user login unencrypted
        encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
        # only takes effect with "start_tls" or "simple_tls"
        verify_certificates: true
        base: 'dc=domain,dc=com'
        attributes:
          username: ['uid']
          email: ['mail']
          name: 'displayName'
          first_name: 'givenName'
          last_name: 'sn'
    EOS

and run

    gitlab-ctl reconfigure

to make sure the settings take effect.
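An added example, not part of the original guide or of GitLab: a small Ruby check that parses the ldap_servers YAML from the step above and flags transport-security problems, such as encryption: 'plain' sending the bind password unencrypted. The helper name, finding codes and placeholder password are assumptions made for this example.

```ruby
require 'yaml'

# Constructed sample: the guide's ldap_servers YAML with a placeholder password.
SAMPLE_LDAP_SERVERS = <<~'EOS'
  main:
    label: 'LDAP'
    host: 'ipa.domain.com'
    port: 389
    uid: 'uid'
    bind_dn: 'uid=crowd,cn=users,cn=accounts,dc=domain,dc=com'
    password: 'constructed-placeholder'
    encryption: 'plain'
    verify_certificates: true
    base: 'dc=domain,dc=com'
EOS

# Finding codes and their meaning (hypothetical names chosen for this example).
FINDINGS = {
  cleartext: 'bind password and user logins cross the network unencrypted',
  verify_ignored: 'verify_certificates is set but only applies to start_tls/simple_tls',
  tls_unverified: 'TLS is on but the server certificate is not verified',
  unknown_encryption: "encryption is not one of 'start_tls', 'simple_tls', 'plain'"
}.freeze

# Hypothetical helper: returns [provider_id, finding_code] pairs for each server.
def audit_ldap_servers(yaml_text)
  servers = YAML.safe_load(yaml_text) || {}
  servers.flat_map do |id, cfg|
    verify = cfg['verify_certificates']
    codes =
      case cfg['encryption'].to_s
      when 'plain'
        verify == true ? %i[cleartext verify_ignored] : %i[cleartext]
      when 'start_tls', 'simple_tls'
        verify == false ? %i[tls_unverified] : []
      else
        %i[unknown_encryption]
      end
    codes.map { |code| [id, code] }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_ldap_servers(SAMPLE_LDAP_SERVERS).each do |id, code|
    puts "#{id}: #{FINDINGS.fetch(code)}"
  end
end
```

With the guide's values the check reports both the cleartext bind and the ignored verify_certificates setting; switching encryption to 'start_tls' clears both findings.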
3) Log in to GitLab via LDAP
- Select ‘LDAP’ on the login screen
- Enter your username, not email
- After successful login, enter your email in the profile field