GitLab, Jenkins, Gerrit and SonarQube authentication with Active Directory

LDAP Admin

LDAP Admin is a free Windows LDAP client and administration tool for LDAP directory management. This application lets you browse, search, modify, create and delete objects on an LDAP server. It also supports more complex operations such as directory copy and move between remote servers and extends the common edit functions to support specific object types (such as groups and accounts).

Test accounts

gitlab-ce


Reference: How to configure LDAP with GitLab CE
  • Add the following configuration to gitlab.rb
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = {
'main' => {
  'label' => 'Windows AD',
  'host' =>  '192.168.22.129',
  'port' => 389,
  'uid' => 'userPrincipalName',
  'method' => 'plain',
  
  'active_directory' => true,
  'allow_username_or_email_login' => false,
  'block_auto_created_users' => false,
  'base' => 'ou=demo,dc=dev,dc=com',
  'user_filter' => '',

  'bind_dn' => 'CN=admin0,OU=demo,DC=dev,DC=com',
  'password' => 'xxxxxxx',

  # Only in EE
  'group_base' => 'ou=demo,dc=dev,dc=com',
  'admin_group' => 'DevAdmin'
  }
}
  • gitlab-ctl reconfigure && gitlab-ctl restart
Final result

jenkins


  • Install the Active Directory plugin
  • Configure the plugin
  • Log in again to verify

SonarQube 7.4


Configuration reference documentation

# LDAP configuration
# General Configuration

sonar.security.realm=LDAP
sonar.authenticator.downcase=true

ldap.url=ldap://192.168.22.129:389
ldap.bindDn=cn=admin0,ou=demo,dc=dev,dc=com
ldap.bindPassword=xxxxxx
ldap.realm=dev.com

ldap.user.baseDn=ou=demo,dc=dev,dc=com
# ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
# Log in with the email address
ldap.user.request=(&(objectClass=user)(userPrincipalName={login}))
ldap.user.realNameAttribute=sAMAccountName
ldap.user.emailAttribute=mail

# The user groups must already exist in SonarQube, otherwise synchronization will not succeed
ldap.group.baseDn=ou=demo,dc=dev,dc=com
ldap.group.request=(&(objectClass=group)(member={dn}))
ldap.group.idAttribute=sAMAccountName

Add a 192.168.22.128 dev.com entry to /etc/hosts. Otherwise an error occurs: domain name resolution times out and login is very slow.

Gerrit 2.16.2


Reference

[ldap]
        server = ldap://192.168.22.129:389
        username = cn=admin0,ou=demo,dc=dev,dc=com
        #
        #accountPattern = (&(objectClass=user)(sAMAccountName=${username}))
        # email login
        accountPattern = (&(objectClass=user)(userPrincipalName=${username}))
        accountBase = ou=demo,dc=dev,dc=com
        accountFullName=userPrincipalName
        accountEmailAddress = mail
        groupBase = ou=demo,dc=dev,dc=com
        groupPattern=(&(objectClass=group)(cn=${groupname}))
  • LDAP Groups: LDAP groups are Account Groups that are maintained inside of your LDAP instance. If you are using LDAP to manage your groups they will not appear in the Groups list. However you can use them just like regular Account Groups by prefixing your group with "ldap/" in the Access Control for a project. For example "ldap/foo-project" will add the LDAP "foo-project" group to the access list.
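The SonarQube and Gerrit settings above both use ldap://192.168.22.129:389 with no StartTLS option (as does 'method' => 'plain' in gitlab.rb), so the bind account's password and every user's login password are sent unencrypted. The check below is an added example, not part of the original post: it runs over constructed copies of the post's connection settings and assumes the products' StartTLS keys, ldap.StartTLS for SonarQube and startTls in Gerrit's [ldap] section, which the post does not show.

```python
from urllib.parse import urlparse

# Constructed samples that copy the connection settings from the post.
SONAR = """\
sonar.security.realm=LDAP
ldap.url=ldap://192.168.22.129:389
ldap.bindDn=cn=admin0,ou=demo,dc=dev,dc=com
ldap.bindPassword=xxxxxx
"""
GERRIT = """\
[ldap]
        server = ldap://192.168.22.129:389
        username = cn=admin0,ou=demo,dc=dev,dc=com
"""

def parse_kv(text):
    """Read key=value lines (Java properties or a git-config section body)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":       # comments and [section] headers
            continue
        key, sep, value = line.partition("=")  # first '=' only: DNs contain '='
        if sep:
            settings[key.strip().lower()] = value.strip()
    return settings

def transport_findings(text, url_key, starttls_key):
    """Return findings when LDAP binds would be sent without TLS."""
    cfg = parse_kv(text)
    raw = cfg.get(url_key.lower(), "")
    scheme = urlparse(raw).scheme
    starttls = cfg.get(starttls_key.lower(), "false").lower() == "true"
    if scheme == "ldaps" or (scheme == "ldap" and starttls):
        return []
    if scheme == "ldap":
        return [f"{url_key}={raw}: no TLS, so the bind DN password and every user's "
                f"login password cross the network in cleartext; use ldaps:// or "
                f"set {starttls_key}=true"]
    return [f"{url_key} is missing or not an LDAP URL: {raw!r}"]

if __name__ == "__main__":
    # Assumed key names: ldap.StartTLS (SonarQube) and startTls (Gerrit [ldap] section).
    for name, text, url_key, tls_key in (("SonarQube", SONAR, "ldap.url", "ldap.StartTLS"),
                                         ("Gerrit", GERRIT, "server", "startTls")):
        for finding in transport_findings(text, url_key, tls_key):
            print(f"{name}: {finding}")
```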