配置LDAP认证 (实验环境LDAP认证服务器类型为Microsoft AD)
编辑 /etc/gitlab/gitlab.rb配置文件:
### LDAP Settings ###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html ###! **Be careful not to break the indentation in the ldap_servers block. It is ###! in yaml format and the spaces must be retained. Using tabs will not work.** gitlab_rails['ldap_enabled'] = true ###! **remember to close this block with 'EOS' below** gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' main: # 'main' is the GitLab 'provider ID' of this LDAP server label: 'LDAP' host: 'LDAP server IP' port: 389 uid: 'sAMAccountName' bind_dn: 'bindDN' #有查询权限的用户DN password: 'password' encryption: 'plain' # "start_tls" or "simple_tls" or "plain" verify_certificates: true smartcard_auth: false active_directory: true allow_username_or_email_login: true lowercase_usernames: false block_auto_created_users: false base: 'baseDN' user_filter: '' # ## EE only # group_base: '' # admin_group: '' # sync_ssh_keys: false # # secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server # label: 'LDAP' # host: '_your_ldap_server' # port: 389 # uid: 'sAMAccountName' # bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' # password: '_the_password_of_the_bind_user' # encryption: 'plain' # "start_tls" or "simple_tls" or "plain" # verify_certificates: true # smartcard_auth: false # active_directory: true # allow_username_or_email_login: false # lowercase_usernames: false # block_auto_created_users: false # base: '' # user_filter: '' # ## EE only # group_base: '' # admin_group: '' # sync_ssh_keys: false EOS
修改完配置文件后,
gitlab-ctl reconfigure #重载配置文件
gitlab-rake gitlab:ldap:check #检查是否能够正常获取用户信息
gitlab-ctl restart重启后重新登录gitlab,登录页面会有LDAP方式:
SMTP配置 (实验环境中SMTP server类型为Microsoft Exchange)
编辑 /etc/gitlab/gitlab.rb配置文件:
### GitLab email server settings
###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
###! **Use smtp instead of sendmail/postfix.**
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "mail server"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "smtp user" # SMTP认证用户名
gitlab_rails['smtp_password'] = "smtp user password"
gitlab_rails['smtp_domain'] = "domain"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'none' #报openssl错误时,启用此选项
# gitlab_rails['smtp_tls'] = false
修改配置完成后
gitlab-ctl reconfigure #重载配置文件
gitlab-rails console进入控制台,发送测试邮件: Notify.test_email('receiver mail', 'title', 'content').deliver_now
如果出现如下SMTP权限错误,SMTPFatalError (550 5.7.60 SMTP; Client does not have permissions to send as this sender)
可能是SMTP server上的防垃圾邮件限制,此时需要在配置文件加上sender mail地址,确保smtp验证用户名和sender是一致的。
gitlab_rails['gitlab_email_enabled'] = true gitlab_rails['gitlab_email_from'] = 'sender address' #sender address和上段smtp认证用户名配置一致 gitlab_rails['gitlab_email_display_name'] = 'xxx' gitlab_rails['gitlab_email_reply_to'] = ''