freeipa:https://blog.csdn.net/Michaelwubo/article/details/109721877
gitlab:
# Start GitLab CE 11.3.4 in a container named gitlab-152. Config, logs and data are
# bind-mounted from /services/gitlab; host ports 8443, 2222 and 9312 map to container
# ports 443, 22 and 80.
# NOTE(review): --privileged gives the container nearly all host capabilities and device
# access, which GitLab itself should not need. If it was added to get past SELinux denials
# on the bind mounts, relabelling the volumes with the :Z option is the narrower fix;
# confirm on this host before removing the flag.
# NOTE(review): gitlab-ce 11.3.4 is long out of support and no longer receives security
# fixes; pin a currently maintained tag for anything beyond a lab.
[root@localhost config]# podman run -it --name gitlab-152 --restart=always --privileged -v /services/gitlab/config:/etc/gitlab -v /services/gitlab/logs:/var/log/gitlab -v /services/gitlab/data:/var/opt/gitlab -p 8443:443 -p 2222:22 -p 9312:80 -d docker.io/gitlab/gitlab-ce:11.3.4-ce.0
# Edit the Omnibus configuration file; the prompt suggests the working directory is the
# host directory mounted at /etc/gitlab (presumably /services/gitlab/config).
[root@localhost config]# vim gitlab.rb
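# Public URL of this instance; 9312 is the host port published for the container's port 80.
# NOTE(review): this is plain HTTP, so LDAP usernames and passwords typed into the sign-in
# form cross the network unencrypted. Use an https:// URL with a certificate outside a lab.
external_url 'http://10.10.3.152:9312'
gitlab_rails['gitlab_ssh_host'] = '10.10.3.152'
gitlab_rails['ldap_enabled'] = true
### Restrict GitLab sign-in to members of one LDAP group (see user_filter below)
###! **remember to close this block with 'EOS' below**
# The YAML below must stay indented: the server settings are children of the provider
# key 'main'. With every line at column 0 the settings are not read as part of 'main'.
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: '10.10.3.158'
    port: 389
    uid: 'uid'
    ##bind_dn: 'uid=admin,cn=users,cn=compat,dc=cclinux,dc=com,dc=cn'
    # NOTE(review): this appears to bind as the FreeIPA 'admin' account. GitLab only needs
    # to search and read user entries, so a dedicated read-only bind account limits what a
    # leaked copy of gitlab.rb exposes.
    bind_dn: 'uid=admin,cn=users,cn=accounts,dc=cclinux,dc=com,dc=cn'
    # NOTE(review): the bind password is stored here in clear text and is a weak sample
    # value; keep gitlab.rb readable by root only and do not reuse this password.
    password: '123456aA'
    # NOTE(review): 'plain' sends the bind password and every user's login password to
    # port 389 unencrypted. Switch to 'start_tls' (or 'simple_tls' on port 636) once the
    # GitLab container trusts the FreeIPA CA certificate.
    encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
    # Has no effect while encryption is 'plain'; it applies only to the TLS modes.
    verify_certificates: true
    # FreeIPA is not Active Directory, so the AD-specific queries are turned off.
    active_directory: false
    allow_username_or_email_login: false
    lowercase_usernames: false
    # false: an account created at first LDAP sign-in is active immediately, so the
    # user_filter below is the only gate on who gets a GitLab account.
    block_auto_created_users: false
    ##base: 'cn=users,cn=compat,dc=cclinux,dc=com,dc=cn'
    base: 'cn=users,cn=accounts,dc=cclinux,dc=com,dc=cn'
    ##user_filter: ''
    # Only entries that are members of the gitlab_user group match, so only they can sign in.
    user_filter: 'memberOf=cn=gitlab_user,cn=groups,cn=accounts,dc=cclinux,dc=com,dc=cn'
    ## EE only
    #group_base: 'cn=groups,cn=compat,dc=cclinux,dc=com,dc=cn'
    #admin_group: 'admins'
    #sync_ssh_keys: false
#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
#     label: 'LDAP'
#     host: '_your_ldap_server'
#     port: 389
#     uid: 'sAMAccountName'
#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#     password: '_the_password_of_the_bind_user'
#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
#     verify_certificates: true
#     active_directory: true
#     allow_username_or_email_login: false
#     lowercase_usernames: false
#     block_auto_created_users: false
#     base: ''
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
EOS
# SSH port advertised in clone URLs; matches the host port published for the container's port 22.
gitlab_rails['gitlab_shell_ssh_port'] = 2222
# external_url carries port 9312, but the bundled nginx must listen on 80 inside the
# container because that is the port the host's 9312 is mapped to.
nginx['listen_port'] = 80
# NOTE(review): Pages is given the same host and port as GitLab itself; GitLab Pages
# normally expects its own domain. Confirm this is intended.
pages_external_url "http://10.10.3.152:9312/"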
Gitlab配置LDAP
参考链接:https://docs.gitlab.com/ee/administration/auth/ldap.html
https://bloodzer0.github.io/ossa/iam/gitlab_freeipa/
备注:我们这里使用的是FreeIPA来替代原生的LDAP。
FreeIPA地址:10.10.3.158 freeipa.cclinux.com.cn
GitLab地址:10.10.3.152
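# Open a shell inside the GitLab container (502e65983512 is presumably the ID of the
# gitlab-152 container; the container name can be used instead).
[root@localhost config]# podman exec -it 502e65983512 bash
# Apply the edited gitlab.rb, then restart the GitLab services.
root@502e65983512:/# gitlab-ctl reconfigure
root@502e65983512:/# gitlab-ctl restart
# Optional check: `gitlab-rake gitlab:ldap:check` lists the LDAP users GitLab can see
# through the bind account and user_filter, which confirms the settings before anyone
# tries to sign in.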
此时我们在FreeIPA中新建一个组,组名为:gitlab_user,并在其中新建一个用户:wubo。由于上面的 user_filter 只匹配 gitlab_user 组的成员,不属于该组的 FreeIPA 用户无法登录 GitLab。我们使用 wubo 账户来登录GitLab: