freeipa+app

freeipa: https://blog.csdn.net/Michaelwubo/article/details/109721877

gitlab:

[root@localhost config]# podman run -it  --name gitlab-152  --restart=always  --privileged   -v /services/gitlab/config:/etc/gitlab -v /services/gitlab/logs:/var/log/gitlab -v /services/gitlab/data:/var/opt/gitlab -p 8443:443 -p 2222:22 -p 9312:80 -d docker.io/gitlab/gitlab-ce:11.3.4-ce.0
[root@localhost config]# vim gitlab.rb

external_url 'http://10.10.3.152:9312'

gitlab_rails['gitlab_ssh_host'] = '10.10.3.152'

gitlab_rails['ldap_enabled'] = true


### Restrict GitLab login by group membership
###! **remember to close this block with 'EOS' below**
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: '10.10.3.158'
    port: 389
    uid: 'uid'
    ##bind_dn: 'uid=admin,cn=users,cn=compat,dc=cclinux,dc=com,dc=cn'
    bind_dn: 'uid=admin,cn=users,cn=accounts,dc=cclinux,dc=com,dc=cn'
    password: '123456aA'
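    encryption: 'plain' # "start_tls" or "simple_tls" or "plain"; 'plain' sends bind and user passwords unencrypted
    verify_certificates: true # only takes effect with start_tls or simple_tls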
    active_directory: true
    allow_username_or_email_login: false
    lowercase_usernames: false
    block_auto_created_users: false
    ##base: 'cn=users,cn=compat,dc=cclinux,dc=com,dc=cn'
    base: 'cn=users,cn=accounts,dc=cclinux,dc=com,dc=cn'
    ##user_filter: ''
    user_filter: 'memberOf=cn=gitlab_user,cn=groups,cn=accounts,dc=cclinux,dc=com,dc=cn'
    ## EE only
    #group_base: 'cn=groups,cn=compat,dc=cclinux,dc=com,dc=cn'
    #admin_group: 'admins'
    #sync_ssh_keys: false

#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
#     label: 'LDAP'
#     host: '_your_ldap_server'
#     port: 389
#     uid: 'sAMAccountName'
#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#     password: '_the_password_of_the_bind_user'
#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
#     verify_certificates: true
#     active_directory: true
#     allow_username_or_email_login: false
#     lowercase_usernames: false
#     block_auto_created_users: false
#     base: ''
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
 EOS



gitlab_rails['gitlab_shell_ssh_port'] = 2222


nginx['listen_port'] = 80

pages_external_url "http://10.10.3.152:9312/"

Configuring LDAP in GitLab
Reference links: https://docs.gitlab.com/ee/administration/auth/ldap.html

                 https://bloodzer0.github.io/ossa/iam/gitlab_freeipa/

Note: here we use FreeIPA in place of a native LDAP server.

FreeIPA address: 10.10.3.158  freeipa.cclinux.com.cn
GitLab address: 10.10.3.152

[root@localhost config]# podman  exec -it 502e65983512 bash
# Apply the configuration, then restart the GitLab services
root@502e65983512:/# gitlab-ctl reconfigure
root@502e65983512:/# gitlab-ctl restart

Now we create a group named gitlab_user in FreeIPA and create a new user, wubo, in it; we use this account to log in to GitLab.
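
As an added example (not from the original post and not GitLab's own code), the Ruby script below audits an `ldap_servers` block like the one above for the settings that matter most for security: cleartext transport, unverified TLS, binding as the directory admin, a missing `user_filter`, and the Active Directory flag on a non-AD server. The helper name `audit_ldap_servers`, the finding symbols and the sample YAML (with a placeholder password) are assumptions made for illustration.

```ruby
require 'yaml'

# Constructed sample mirroring the settings in the post (placeholder password).
SAMPLE_LDAP_SERVERS = <<~'EOS'
  main:
    host: '10.10.3.158'
    port: 389
    uid: 'uid'
    bind_dn: 'uid=admin,cn=users,cn=accounts,dc=cclinux,dc=com,dc=cn'
    password: 'PLACEHOLDER'
    encryption: 'plain'
    verify_certificates: true
    active_directory: true
    base: 'cn=users,cn=accounts,dc=cclinux,dc=com,dc=cn'
    user_filter: 'memberOf=cn=gitlab_user,cn=groups,cn=accounts,dc=cclinux,dc=com,dc=cn'
EOS

# Hypothetical helper (not a GitLab API): returns [provider_id, finding] pairs.
def audit_ldap_servers(yaml_text)
  servers = YAML.safe_load(yaml_text) || {}
  servers.flat_map do |id, cfg|
    cfg = cfg.to_h # tolerate a provider entry with no settings
    findings = []
    enc = cfg['encryption'].to_s
    # 'plain' sends the bind password and every user's login password unencrypted.
    findings << :cleartext_transport if enc == 'plain'
    # TLS without certificate verification does not authenticate the server.
    if %w[start_tls simple_tls].include?(enc) && cfg['verify_certificates'] == false
      findings << :tls_not_verified
    end
    # GitLab only needs to search and read users; a directory admin bind is excessive.
    findings << :admin_bind_account if cfg['bind_dn'].to_s.match?(/\Auid=admin,/i)
    # Without a filter, every entry under 'base' can sign in.
    findings << :no_user_filter if cfg['user_filter'].to_s.strip.empty?
    # Heuristic (assumption): AD deployments use sAMAccountName or userPrincipalName as uid.
    ad_uid = %w[samaccountname userprincipalname].include?(cfg['uid'].to_s.downcase)
    findings << :ad_flag_on_non_ad if cfg['active_directory'] == true && !ad_uid
    findings.map { |finding| [id, finding] }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_ldap_servers(SAMPLE_LDAP_SERVERS).each { |id, f| puts "#{id}: #{f}" }
end
```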
