Using Open Directory with Gitlab

So along the same lines as my previous post, I was tasked with migrating authentication for our GitLab service from OpenLDAP to Open Directory, and again… not much to be found online! Most of what I found was very hacky and involved inserting another auth provider into the GitLab code (something that seems like a bad idea in a production environment, as it would almost certainly break on future updates).

But, having just come off my victory with apache2, I decided to see if I could make GitLab query OD and have OD do all the work.

So, here are the old, OpenLDAP settings:

## LDAP settings
ldap:
  enabled: true
  host: 'ipaddress'
  base: 'dc=example,dc=com'
  port: 389
  uid: 'uid'
  method: 'plain' # "ssl" or "plain"
  bind_dn: 'cn=admin,dc=example,dc=com'
  password: 'password'

And here is what I fashioned out of OD:

## LDAP settings
ldap:
  enabled: true
  host: 'ipaddress'
  base: 'dc=ldap,dc=example,dc=com'
  port: 389
  uid: 'uid'
  method: 'plain' # "ssl" or "plain"
  bind_dn: 'uid=diradmin,cn=users,dc=ldap,dc=example,dc=com'
  password: 'password'

And there you have it!

During the migration I noticed that users had to sign in to the web GUI before they could push and pull code, but that is most likely because their OpenLDAP accounts no longer existed. I made sure all the uids were the same as before, and everything linked up without issue. This is of course only an issue during a migration.
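Before restarting GitLab with a block like the one above, it is worth checking it offline: copied-in typographic quotes are not quotes to YAML, `method: 'plain'` sends the bind password and every user's login over the wire unencrypted, and during a migration it is easy to leave the old suffix in `bind_dn` or `base`. The script below is an added example, not part of this post and not GitLab's own tooling; it reads the flat `key: value` layout shown here without PyYAML, reports those problems, and builds the equivalent `ldapsearch` command so the bind DN and search base can be verified by hand before GitLab touches them. The sample config embedded in it is the Open Directory block from this post; the `ldaps://` mapping for `method: ssl` and the usernames are this example's assumptions.

```python
"""Pre-flight check for the ``ldap:`` block of GitLab's gitlab.yml.

Added example; it is neither part of the original post nor GitLab's own
tooling.  PyYAML is deliberately avoided so the script runs anywhere; it
understands only the flat ``key: value`` layout shown in the post.
"""
import re
import shlex

# Typographic quotes that copy/paste from a web page leaves behind.  YAML does
# not treat them as quotes, so the value silently keeps them as literal text.
_CURLY = {"\u2018": "'", "\u2019": "'", "\u201c": '"', "\u201d": '"'}

REQUIRED_KEYS = ("host", "base", "uid", "bind_dn", "password")


def parse_ldap_block(text):
    """Return (settings, curly_keys) for the ``ldap:`` mapping in *text*."""
    settings, curly, in_block = {}, set(), False
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()   # drop trailing comment
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = re.match(r"^\s*([A-Za-z_]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if value == "":                       # a nested mapping starts here
            in_block = key == "ldap"
            continue
        if not in_block:
            continue
        if any(ch in _CURLY for ch in value):
            curly.add(key)
            value = "".join(_CURLY.get(ch, ch) for ch in value)
        settings[key] = value.strip("'\"")
    return settings, curly


def _norm_dn(dn):
    return re.sub(r",\s+", ",", dn.strip()).lower()


def review_ldap_settings(settings, curly):
    """Return a list of (code, message) findings; empty means nothing to fix."""
    findings = []
    for key in REQUIRED_KEYS:
        if key not in settings:
            findings.append(("missing-key", "ldap.%s is not set" % key))
    if curly:
        findings.append(("curly-quotes",
                         "typographic quotes in: " + ", ".join(sorted(curly))))
    if settings.get("method", "plain") != "ssl":
        findings.append(("plaintext-ldap",
                         "method is not ssl: the bind password and every user's "
                         "login credentials cross the network unencrypted"))
    base, bind_dn = settings.get("base"), settings.get("bind_dn")
    if base and bind_dn and not _norm_dn(bind_dn).endswith(_norm_dn(base)):
        # Legal in LDAP terms, but during a migration it usually means the old
        # suffix was left behind in one of the two fields.
        findings.append(("bind-outside-base",
                         "bind_dn %s is not under base %s" % (bind_dn, base)))
    return findings


def escape_filter_value(value):
    """RFC 4515 escaping so a username cannot alter the search filter."""
    return (value.replace("\\", r"\5c").replace("*", r"\2a")
                 .replace("(", r"\28").replace(")", r"\29").replace("\0", r"\00"))


def ldapsearch_argv(settings, username):
    """argv for an ldapsearch that reproduces GitLab's lookup of *username*.

    -W prompts for the bind password instead of exposing it in the process
    list.  Mapping method=ssl to an ldaps:// URL is this script's assumption.
    """
    scheme = "ldaps" if settings.get("method") == "ssl" else "ldap"
    url = "%s://%s:%s" % (scheme, settings["host"], settings.get("port", "389"))
    flt = "(%s=%s)" % (settings["uid"], escape_filter_value(username))
    return ["ldapsearch", "-x", "-H", url, "-D", settings["bind_dn"], "-W",
            "-b", settings["base"], flt, settings["uid"]]


# Constructed sample: the Open Directory block from the post, quotes included.
SAMPLE_OD_CONFIG = """\
## LDAP settings
ldap:
enabled: true
host: ’ipaddress’
base: ‘dc=ldap,dc=example,dc=com’
port: 389
uid: ‘uid’
method: ‘plain’ # “ssl” or “plain”
bind_dn: ‘uid=diradmin,cn=users,dc=ldap,dc=example,dc=com’
password: ‘password’
"""

if __name__ == "__main__":
    cfg, curly_keys = parse_ldap_block(SAMPLE_OD_CONFIG)
    for code, msg in review_ldap_settings(cfg, curly_keys):
        print("[%s] %s" % (code, msg))
    print(shlex.join(ldapsearch_argv(cfg, "jdoe")))
```

Run against the block as pasted from this post it reports the typographic quotes on every quoted key and the plaintext method; the `ldapsearch` line it prints is the same bind and search GitLab performs, so a failure there is a directory problem rather than a GitLab one.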
