If any organization has an LDAP directory service such as Active Directory, then GitLab can be configured to allow your users to sign with their LDAP credentials (i.e. Active Directory Credentials). The first time a user signs in with LDAP credentials, GitLab will create a new GitLab user associated with the LDAP Distinguished Name (DN) of the LDAP user.
The pre-requirements for the process of LDAP integration with Gitlab are described below. Please go through the integration process below and enter the configuration required details.
Gitlab – LDAP Integration Steps:
- The Initial configuration of LDAP in Gitlab requires changes to the ‘gitlab.rb’ configuration file (‘/etc/gitlab/gitlab.rb’). Some parameters need to be filled out in the ‘gitlab.rb’ file. We therefore required to set the following parameter values for Gitlab – LDAP integration in the ‘gitlab.rb’ file.
- Use the following command to reconfigure the
gitlab.rb
file after modifying thegitlab.rb
file.
# gitlab-ctl reconfigure
- If you are getting ‘Connection Refused’ errors when trying to connect to the LDAP server please double-check the LDAP port and method settings used by GitLab. Common combinations are method: ‘plain’ and port: 389, OR method: ‘ssl’ and port: 636.
Testing AD Server Connection:
- To test the connection in Unix, the ‘ldapsearch’ utility is required. This utility is included in openldap-clients package. So, to check the connection, we need the openldap-clients package.
- To test the connection in Windows, the ‘AdFind’ utility is required. This utility is a freeware. So, to check the connection, we need the AdFind utility.
Basic User Authentication:
- After configuring LDAP, basic authentication will be available. Users can then login using their directory credentials. An extra tab is added to the GitLab login screen for the configured LDAP server (e.g. “GitLab AD”).
Conclusion
Integration of GitLab with Active Directory (LDAP) reduces the complexity of user management. It has the advantage of improving user permission controls, while easing the deployment of GitLab into an existing setup.