LDAP Admin
LDAP Admin is a free Windows LDAP client and administration tool for LDAP directory management. This application lets you browse, search, modify, create and delete objects on an LDAP server. It also supports more complex operations such as directory copy and move between remote servers and extends the common edit functions to support specific object types (such as groups and accounts).
Test accounts
gitlab-ce
Reference: How to configure LDAP with GitLab CE
- Add the following configuration to gitlab.rb
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = {
  'main' => {
    'label' => 'Windows AD',
    'host' => '192.168.22.129',
    'port' => 389,
    'uid' => 'userPrincipalName',
    'method' => 'plain',
    'active_directory' => true,
    'allow_username_or_email_login' => false,
    'block_auto_created_users' => false,
    'base' => 'ou=demo,dc=dev,dc=com',
    'user_filter' => '',
    'bind_dn' => 'CN=admin0,OU=demo,DC=dev,DC=com',
    'password' => 'xxxxxxx',
    # Only in EE
    'group_base' => 'ou=demo,dc=dev,dc=com',
    'admin_group' => 'DevAdmin'
  }
}
gitlab-ctl reconfigure && gitlab-ctl restart
Final result
jenkins
- Install the Active Directory plugin
- Configure
- Log in again to verify
SonarQube 7.4
# LDAP configuration
# General Configuration
sonar.security.realm=LDAP
sonar.authenticator.downcase=true
ldap.url=ldap://192.168.22.129:389
ldap.bindDn=cn=admin0,ou=demo,dc=dev,dc=com
ldap.bindPassword=xxxxxx
ldap.realm=dev.com
ldap.user.baseDn=ou=demo,dc=dev,dc=com
# ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
# Email login
ldap.user.request=(&(objectClass=user)(userPrincipalName={login}))
ldap.user.realNameAttribute=sAMAccountName
ldap.user.emailAttribute=mail
# Groups must already exist in SonarQube, otherwise they will not be synchronized
ldap.group.baseDn=ou=demo,dc=dev,dc=com
ldap.group.request=(&(objectClass=group)(member={dn}))
ldap.group.idAttribute=sAMAccountName
Add a 192.168.22.128 dev.com entry to /etc/hosts; otherwise the following error appears, name resolution times out, and login is very slow
Gerrit 2.16.2
[ldap]
server = ldap://192.168.22.129:389
username = cn=admin0,ou=demo,dc=dev,dc=com
#
#accountPattern = (&(objectClass=user)(sAMAccountName=${username}))
# email login
accountPattern = (&(objectClass=user)(userPrincipalName=${username}))
accountBase = ou=demo,dc=dev,dc=com
accountFullName=userPrincipalName
accountEmailAddress = mail
groupBase = ou=demo,dc=dev,dc=com
groupPattern=(&(objectClass=group)(cn=${groupname}))
- LDAP Groups:
LDAP groups are Account Groups that are maintained inside of your LDAP instance. If you are using LDAP to manage your groups they will not appear in the Groups list. However you can use them just like regular Account Groups by prefixing your group with "ldap/" in the Access Control for a project. For example "ldap/foo-project" will add the LDAP "foo-project" group to the access list.
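The GitLab, SonarQube and Gerrit settings above all bind to ldap://192.168.22.129:389 (GitLab with 'method' => 'plain'), so the bind DN and its password cross the network unencrypted. The following check is an added example, not part of the original post or of any of these projects: it scans the three config formats for cleartext LDAP transport. The function name and the sample strings are constructed for illustration.

```python
import re

# LDAP URL as written in sonar.properties (ldap.url=) and gerrit.config (server =).
URL_RE = re.compile(r"\b(ldaps?)://([^\s:/]+)", re.I)
# gitlab.rb transport key: 'method' as on this page, 'encryption' on newer releases.
GITLAB_RE = re.compile(r"'(method|encryption)'\s*=>\s*'(\w+)'")
# StartTLS switch: ldap.StartTLS=true (SonarQube) or startTls = true (Gerrit).
STARTTLS_RE = re.compile(
    r"^[ \t]*(?:ldap\.)?starttls[ \t]*=[ \t]*true[ \t]*$", re.I | re.M)

def audit_ldap_transport(name, text):
    """Return (file, line_no, message) for each setting that binds in cleartext."""
    findings = []
    starttls = bool(STARTTLS_RE.search(text))
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out alternatives are not active settings
        m = GITLAB_RE.search(line)
        if m and m.group(2).lower() == "plain":
            findings.append((name, no,
                             f"'{m.group(1)}' => 'plain': bind is unencrypted"))
        m = URL_RE.search(line)
        if m and m.group(1).lower() == "ldap" and not starttls:
            findings.append((name, no,
                             f"ldap://{m.group(2)} without StartTLS: bind is unencrypted"))
    return findings

# Constructed samples: the first three mirror the snippets on this page,
# the last three show settings that should pass the check.
SAMPLES = {
    "gitlab.rb": "'host' => '192.168.22.129',\n'port' => 389,\n'method' => 'plain',\n",
    "sonar.properties": "ldap.url=ldap://192.168.22.129:389\nldap.bindPassword=xxxxxx\n",
    "gerrit.config": "[ldap]\nserver = ldap://192.168.22.129:389\n",
    "gitlab-tls.rb": "'port' => 636,\n'encryption' => 'simple_tls',\n",
    "sonar-starttls.properties": "ldap.url=ldap://192.168.22.129:389\nldap.StartTLS=true\n",
    "gerrit-ldaps.config": "[ldap]\nserver = ldaps://192.168.22.129:636\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        for finding in audit_ldap_transport(name, text):
            print(*finding, sep=": ")
```

Switching to ldaps:// or StartTLS also requires the directory server's certificate to be trusted by each application, which this check does not verify.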