Using Open Directory with Gitlab

So, along the same lines as my previous post, I was tasked with migrating authentication for our GitLab service from OpenLDAP to Open Directory, and again… not much to be found online! Most of what I found was very hacky and involved inserting another auth provider into the GitLab code (something that seems like a bad idea in a production environment, as it would almost certainly break with future updates).

But, having just come off my victory with apache2, I decided to see if I could make GitLab query OD and have OD do all the work.

So, here are the old OpenLDAP settings:

    ## LDAP settings
    ldap:
      enabled: true
      host: 'ipaddress'
      base: 'dc=example,dc=com'
      port: 389
      uid: 'uid'
      method: 'plain' # "ssl" or "plain"
      bind_dn: 'cn=admin,dc=example,dc=com'
      password: 'password'

And here is what I fashioned out of OD:

    ## LDAP settings
    ldap:
      enabled: true
      host: 'ipaddress'
      base: 'dc=ldap,dc=example,dc=com'
      port: 389
      uid: 'uid'
      method: 'plain' # "ssl" or "plain"
      bind_dn: 'uid=diradmin,cn=users,dc=ldap,dc=example,dc=com'
      password: 'password'

And there you have it!

During the migration I did notice that users had to sign in to the web GUI before they could push and pull code, but that is most likely because their OpenLDAP accounts no longer existed. I made sure all the uids were the same as before, and everything linked up without issue. This is of course only an issue during a migration.
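Before cutting GitLab over, it is worth confirming from the command line that the Open Directory bind DN and base from the settings above actually resolve every existing uid. The script below is an added example, not from the original post: it builds the ldapsearch query the GitLab settings imply and reports uids from the old OpenLDAP user list that do not come back from OD. The host, base and bind DN are placeholders copied from the settings above; the LDIF at the end is a constructed stand-in for a live response.

```shell
#!/bin/sh
# Added example: pre-migration uid check against Open Directory using the
# values from the GitLab ldap settings. Placeholders; adjust to your environment.

OD_HOST="ipaddress"                                            # host:
OD_BASE="dc=ldap,dc=example,dc=com"                            # base:
OD_BIND_DN="uid=diradmin,cn=users,dc=ldap,dc=example,dc=com"   # bind_dn:

# Build the ldapsearch command that mirrors GitLab's settings (plain, port 389,
# simple bind). The password is prompted for with -W rather than kept in a script.
od_search_cmd() {
  printf 'ldapsearch -x -H ldap://%s:389 -D "%s" -W -b "%s" "(uid=%s)" uid\n' \
    "$OD_HOST" "$OD_BIND_DN" "$OD_BASE" "$1"
}

# Extract uid attribute values from LDIF on stdin (live ldapsearch or a saved dump).
ldif_uids() {
  sed -n 's/^uid: //p' | sort -u
}

# $1: whitespace-separated uids exported from the old OpenLDAP server.
# stdin: LDIF from Open Directory. Prints each uid that OD does not know.
missing_uids() {
  found=$(ldif_uids)
  for u in $1; do
    echo "$found" | grep -qx "$u" || echo "$u"
  done
}

# Constructed LDIF standing in for a real response from OD.
SAMPLE_LDIF='dn: uid=alice,cn=users,dc=ldap,dc=example,dc=com
uid: alice

dn: uid=bob,cn=users,dc=ldap,dc=example,dc=com
uid: bob
'

# Live use: $(od_search_cmd '*') | missing_uids "alice bob carol"
printf '%s' "$SAMPLE_LDIF" | missing_uids "alice bob carol"
```

Any uid printed is one that OD users will not be able to authenticate with, so it should be fixed before the switch rather than discovered at first sign-in.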
