Using Open Directory with GitLab
So, along the same lines as my previous post, I was tasked with migrating authentication for our GitLab service from OpenLDAP to Open Directory, and again... not much to be found online! Most of what I found was very hacky and involved inserting another auth provider into the GitLab code (something which seems like a bad idea in a production environment, as it would almost certainly break in future updates).
But, having just come off my victory with apache2, I decided to see if I could make GitLab query OD and have OD do all the work.
So, here are the old, OpenLDAP settings:
```yaml
## LDAP settings
ldap:
  enabled: true
  host: 'ipaddress'
  base: 'dc=example,dc=com'
  port: 389
  uid: 'uid'
  method: 'plain' # "ssl" or "plain"
  bind_dn: 'cn=admin,dc=example,dc=com'
  password: 'password'
```
And here is what I fashioned out of OD:
```yaml
## LDAP settings
ldap:
  enabled: true
  host: 'ipaddress'
  base: 'dc=ldap,dc=example,dc=com'
  port: 389
  uid: 'uid'
  method: 'plain' # "ssl" or "plain"
  bind_dn: 'uid=diradmin,cn=users,dc=ldap,dc=example,dc=com'
  password: 'password'
```
And there you have it!
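As an added check that is not part of this post or of GitLab's own code: a small Python preflight that takes the Open Directory `ldap:` section above (embedded here as a dict), flags the plain-text bind these settings use, and shows how a login name has to be escaped before it is placed in the `(uid=...)` search filter. The filter construction mirrors what a generic LDAP client sends and is an assumption, not GitLab's implementation.

```python
# Added example: preflight checks for a GitLab `ldap:` section before pointing
# it at Open Directory. Not from the post or from GitLab.
import re

# Constructed to match the post's Open Directory settings.
OD_LDAP = {
    "enabled": True,
    "host": "ipaddress",
    "base": "dc=ldap,dc=example,dc=com",
    "port": 389,
    "uid": "uid",
    "method": "plain",
    "bind_dn": "uid=diradmin,cn=users,dc=ldap,dc=example,dc=com",
    "password": "password",
}

# One RDN: attribute=value (escaped commas inside values are not handled here).
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,]+$")

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs; raise on a malformed RDN."""
    rdns = []
    for part in dn.split(","):
        part = part.strip()
        if not _RDN.match(part):
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        attr, value = part.split("=", 1)
        rdns.append((attr.lower(), value))
    return rdns

def check_ldap_config(cfg):
    """Return the findings a reviewer would raise on this section."""
    findings = []
    parse_dn(cfg["base"])      # both DNs must at least be well-formed
    parse_dn(cfg["bind_dn"])
    if cfg["method"] == "plain":
        findings.append("method 'plain': the diradmin bind password and every "
                        "user's password cross the network unencrypted; use 'ssl'")
    if cfg["method"] == "ssl" and cfg["port"] == 389:
        findings.append("method 'ssl' with port 389: LDAPS normally listens on 636")
    if not cfg.get("uid"):
        findings.append("uid attribute is empty; GitLab cannot look users up")
    return findings

def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot alter the search filter."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in value)

def user_filter(cfg, username):
    """The (uid=<name>) lookup an LDAP client sends for one login attempt."""
    return f"({cfg['uid']}={escape_filter_value(username)})"
```

Switching `method` to `'ssl'` and `port` to `636` makes `check_ldap_config` come back empty, which is the configuration to aim for once the bind is confirmed working.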
During the migration I did notice that users had to sign in to the web GUI before they could push and pull code, but that is most likely a result of their OpenLDAP accounts not existing anymore. I made sure all the uids were the same as before, and everything linked up without an issue. This is of course only an issue during a migration.