gitlab.rb-active-directory-ldap.patch
--- gitlab.rb.orig 2024-03-22 08:43:51.808098072 +0000
+++ gitlab.rb 2024-03-22 08:49:58.698780373 +0000
@@ -505,57 +505,36 @@
###! **Be careful not to break the indentation in the ldap_servers block. It is
###! in yaml format and the spaces must be retained. Using tabs will not work.**
-# gitlab_rails['ldap_enabled'] = false
+gitlab_rails['ldap_enabled'] = true
# gitlab_rails['prevent_ldap_sign_in'] = false
###! **remember to close this block with 'EOS' below**
-# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
-# main: # 'main' is the GitLab 'provider ID' of this LDAP server
-# label: 'LDAP'
-# host: '_your_ldap_server'
-# port: 389
-# uid: 'sAMAccountName'
-# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
-# password: '_the_password_of_the_bind_user'
-# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
-# verify_certificates: true
-# smartcard_auth: false
-# active_directory: true
-# smartcard_ad_cert_field: 'altSecurityIdentities'
-# smartcard_ad_cert_format: null # 'issuer_and_serial_number', 'issuer_and_subject' , 'principal_name'
-# allow_username_or_email_login: false
-# lowercase_usernames: false
-# block_auto_created_users: false
-# base: ''
-# user_filter: ''
-# ## EE only
-# group_base: ''
-# admin_group: ''
-# sync_ssh_keys: false
-#
-# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
-# label: 'LDAP'
-# host: '_your_ldap_server'
-# port: 389
-# uid: 'sAMAccountName'
-# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
-# password: '_the_password_of_the_bind_user'
-# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
-# verify_certificates: true
-# smartcard_auth: false
-# active_directory: true
-# smartcard_ad_cert_field: 'altSecurityIdentities'
-# smartcard_ad_cert_format: null # 'issuer_and_serial_number', 'issuer_and_subject' , 'principal_name'
-# allow_username_or_email_login: false
-# lowercase_usernames: false
-# block_auto_created_users: false
-# base: ''
-# user_filter: ''
-# ## EE only
-# group_base: ''
-# admin_group: ''
-# sync_ssh_keys: false
-# EOS
+gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
+ main: # 'main' is the GitLab 'provider ID' of this LDAP server
+ label: 'LDAP'
+ host: 'dc.example.com'
+ port: 636
+ encryption: 'simple_tls'
+ verify_certificates: true
+ smartcard_auth: false
+ ca_file: '/etc/ssl/certs/ca-certificates.crt'
+ #ssl_version: ''
+ uid: 'sAMAccountName'
+ bind_dn: '[email protected]'
+ password: 'HeyH0Password'
+ active_directory: true
+ allow_username_or_email_login: false
+ lowercase_usernames: false
+ block_auto_created_users: false
+ base: 'CN=Users,DC=example,DC=com'
+ user_filter: '(&(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
+ attributes:
+ username: ['uid', 'userid', 'sAMAccountName']
+ email: ['mail', 'email', 'userPrincipalName']
+ name: 'displayName'
+ first_name: 'givenName'
+ last_name: 'sn'
+EOS
### Smartcard authentication settings
###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html
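Review bot: The bind password is written in clear text at `password: 'HeyH0Password'` in the new `ldap_servers` block, so anyone who can read gitlab.rb, this patch file, or the repository history obtains the directory bind credential. GitLab supports encrypted LDAP credentials: I would drop the `bind_dn` and `password` keys from the YAML, set them with `gitlab-rake gitlab:ldap:secret:edit`, and rotate the password if the committed value was ever real. Separately, with `block_auto_created_users: false` and a `user_filter` that only excludes disabled accounts, any enabled person object under `CN=Users` appears to get a GitLab account on first sign-in. If that is wider than intended, add a `memberOf` clause for a dedicated group to the filter or set `block_auto_created_users: true`. The bind identity should also be a read-only service account rather than a regular or privileged user.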