1.gitlab开启并配置ldap
编辑gitlab.rb配置文件
打开编辑gitlab.rb配置文件:
vi /etc/gitlab/gitlab.rb
gitlab_rails['ldap_enabled'] = true
# gitlab_rails['prevent_ldap_sign_in'] = false
gitlab_rails[‘ldap_servers’] = YAML.load <<-‘EOS’
**EOS **为ldap相关配置,请参照个人ldap服务器进行相关配置。具体参数可以参照官方文档 https://docs.gitlab.com/ee/administration/auth/ldap/
###! **remember to close this block with 'EOS' below**
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'LDAP' ###可以自定义gitlab登陆况显示的名词
host: '10.0.4.25' ###ldap服务器地址
port: xxxx ###ldap端口(我是k8s中搭建的故不是默认的389)
uid: 'cn' ###ldap登陆的用户名
bind_dn: 'cn=admin,dc=xxxx,dc=com' #绑定的用户的完整 DN
password: 'xxxxxxxx' ##绑定用户的密码
encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
verify_certificates: false
smartcard_auth: false
active_directory: flase
allow_username_or_email_login: false ###邮箱用户是否可以登陆
lowercase_usernames: false
block_auto_created_users: false ####不允许用户注册
base: 'ou=devops,dc=xxxx,dc=com' ###用户的搜索域
user_filter: ''
## EE only
# group_base: ''
# admin_group: ''
# sync_ssh_keys: false
#
# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
# label: 'LDAP'
# host: '_your_ldap_server'
# port: 389
# uid: 'sAMAccountName'
# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
# password: '_the_password_of_the_bind_user'
# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
# verify_certificates: true
# smartcard_auth: false
# active_directory: true
# allow_username_or_email_login: false
# lowercase_usernames: false
# block_auto_created_users: false
# base: ''
# user_filter: ''
# ## EE only
# group_base: ''
# admin_group: ''
# sync_ssh_keys: false
EOS
重置加载配置:
gitlab-ctl reconfigure
重启gitlb服务:
gitlab-ctl restart
小彩蛋命令百度来的:
gitlab-rake gitlab:ldap:check
PS:
参考
https://blog.51cto.com/saynaihe/6099130