Gitlab 11.0.3汉化完成后,需要集成域控,现将域控的配置过程描述如下:
gitlab目录:/etc/gitlab
gitlab配置文件:/etc/gitlab/gitlab.rb
编辑gitlab.rb文件:
在gitlab.rb文件中修改下面配置,其中:
1.host,是搭建的ldap的ip,根据实际情况修改;
2.uid,可以配置cn,也可以配置uid,都能识别(具体为什么没深入研究);
3.bind_dn,ldap的管理员账号,根据实际情况修改;
4.password,ldap的管理员,根据实际情况修改;
5.active_directory,似乎是针对连接是否是ad域控的标示,因为这部分是ldap的配置,故为false;
6.allow_username_or_email_login,用户登录是否用户名和邮箱都可以,方便用户故配置true;
7.base,用户列表所在的目录,因为新增的用户都在ldap的People下,故这么配置,根据实际情况修改;
我的配置如下:
gitlab_rails['ldap_enabled'] = true
###!
**remember to close this block with 'EOS' below**
gitlab_rails['ldap_servers']
= YAML.load <<-'EOS'
main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'LDAP'
host: '**.**.**.**'
port: 389
uid: 'sAMAccountName'
bind_dn: 'cn=***,cn=Users,dc=***,dc=****,dc=COM'
password: '*****'
encryption: 'plain' # "start_tls" or
"simple_tls" or "plain"
verify_certificates: true
active_directory: true
allow_username_or_email_login: true
lowercase_usernames: false
block_auto_created_users: false
base: 'OU=Users,OU=*****,DC=***,DC=*****,DC=COM'
user_filter: ''
## EE only
#
group_base: ''
#
admin_group: ''
#
sync_ssh_keys: false
#
#
secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP
server
#
label: 'LDAP'
#
host: '_your_ldap_server'
#
port: 389
#
uid: 'sAMAccountName'
#
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#
password: '_the_password_of_the_bind_user'
#
encryption: 'plain' # "start_tls" or
"simple_tls" or "plain"
#
verify_certificates: true
#
active_directory: true
#
allow_username_or_email_login: false
#
lowercase_usernames: false
#
block_auto_created_users: false
#
base: ''
#
user_filter: ''
#
## EE only
#
group_base: ''
#
admin_group: ''
#
sync_ssh_keys: false
EOS
配置完成后进行配置更新:
gitlab-ctl reconfigure
检查是否配置成功:
gitlab-rake gitlab:ldap:check(列出前100个用户)
重启gitlab服务:
gitlab-ctl restart