In this guide, I’ll show you how to configure your GitLab server to authenticate users against a FreeIPA server. FreeIPA is an open source identity management system sponsored by Red Hat.
GitLab, on the other hand, is a fully-featured platform for accelerated software development. It provides features such as integrated CI/CD, Auto DevOps, Kubernetes integration, GitLab Container Registry, etc.
By leveraging FreeIPA's advanced user management features, it becomes easy to manage user access to your GitLab server. You don’t have to create users manually on the GitLab server, which can be tedious for large companies.
How To Configure GitLab FreeIPA Authentication
The pre-requisites for this setup are:
- Running GitLab Server
- Running FreeIPA Server
If you’re interested in doing a fresh installation of FreeIPA or GitLab server, you can refer to our guides below:
- How to Install FreeIPA Server on CentOS 7
- How to Install FreeIPA Server on Ubuntu
- Install FreeIPA Server on Rocky Linux 9 / AlmaLinux 9
- Run FreeIPA Server in Docker / Podman Containers
- Install and Configure FreeIPA Server on Rocky Linux 8
The steps to set up GitLab FreeIPA authentication are as follows.
Step 1: Create LDAP Bind User on FreeIPA
We’ll need a user for binding to the FreeIPA server. Log in to your FreeIPA server and create a user called gitlab.
Navigate to Identity > Users > Add
Fill in the required details and click “Add”.
Step 2: Configure GitLab Server
If you don’t have a domain name for the FreeIPA server configured in DNS, add the following line to the /etc/hosts file.
$ sudo vim /etc/hosts
192.168.3.10 ipa.example.com
Edit /etc/gitlab/gitlab.rb and enable LDAP
gitlab_rails['ldap_enabled'] = true
Then specify the path to file with LDAP settings for FreeIPA
gitlab_rails['ldap_servers'] = YAML.load_file('/etc/gitlab/freeipa_settings.yml')
Lastly, create the YAML file to hold IPA connection settings
sudo vim /etc/gitlab/freeipa_settings.yml
Configure like below:
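main:
  label: 'FreeIPA'
  host: 'ipa.example.com'
  port: 389
  uid: 'uid'
  method: 'tls'  # deprecated key name, superseded by 'encryption' below
  bind_dn: 'uid=gitlab,cn=users,cn=accounts,dc=example,dc=com'
  password: 'gitlabuserpassword'
  # 'plain' sends the bind and user passwords unencrypted;
  # 'start_tls' or 'simple_tls' enable TLS
  encryption: 'plain'
  base: 'cn=accounts,dc=example,dc=com'
  # false skips validation of the server certificate when TLS is used
  verify_certificates: false
  attributes:
    username: ['uid']
    email: ['mail']
    name: 'displayName'
    first_name: 'givenName'
    last_name: 'sn'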
Substitute:
- ipa.example.com with the FreeIPA server hostname.
- All appearances of example and com with your FreeIPA server domain components.
- gitlabuserpassword with your gitlab IPA user password.
Save the file then reconfigure GitLab:
sudo gitlab-ctl reconfigure
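An added example, not part of the original guide or of GitLab itself: a small Ruby check that reads LDAP settings in the format above and reports transport weaknesses, run against this guide's values and against a variant using start_tls with certificate verification. The function name audit_ldap_settings and the hardened variant are assumptions; the variant requires GitLab to trust the FreeIPA CA certificate.

```ruby
require 'yaml'

# Constructed sample: the values from this guide (attributes block omitted).
GUIDE_SETTINGS = <<~SETTINGS
  main:
    label: 'FreeIPA'
    host: 'ipa.example.com'
    port: 389
    uid: 'uid'
    method: 'tls'
    bind_dn: 'uid=gitlab,cn=users,cn=accounts,dc=example,dc=com'
    password: 'gitlabuserpassword'
    encryption: 'plain'
    base: 'cn=accounts,dc=example,dc=com'
    verify_certificates: false
SETTINGS

# Hardened variant (assumption: FreeIPA accepts StartTLS on port 389 and
# the GitLab host trusts the IPA CA certificate).
HARDENED_SETTINGS = GUIDE_SETTINGS
  .sub("encryption: 'plain'", "encryption: 'start_tls'")
  .sub('verify_certificates: false', 'verify_certificates: true')

# Returns an array of "server: finding" strings, one per weakness found.
def audit_ldap_settings(yaml_text)
  servers = YAML.safe_load(yaml_text) || {}
  servers.flat_map do |name, cfg|
    findings = []
    # 'encryption' is the current key; fall back to the older 'method' key.
    enc = cfg['encryption'] || cfg['method']
    if enc == 'plain'
      findings << 'no TLS: bind and user passwords cross the network in cleartext'
    end
    if cfg['verify_certificates'] == false
      findings << 'certificate verification is off: server identity is not checked'
    end
    if enc == 'simple_tls' && cfg['port'] == 389
      findings << 'simple_tls (LDAPS) normally uses port 636, not 389'
    end
    findings.map { |finding| "#{name}: #{finding}" }
  end
end

if __FILE__ == $PROGRAM_NAME
  puts 'Guide settings:', audit_ldap_settings(GUIDE_SETTINGS)
  puts 'Hardened settings:', audit_ldap_settings(HARDENED_SETTINGS).inspect
end
```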
Step 3: Login to GitLab via FreeIPA
You can now log in to your GitLab server using user credentials from the FreeIPA server.
Hit “Sign in” to log in to your GitLab server with the provided username.
And boom, you’re in. Also check:
How to Secure GitLab server with SSL certificate
How to disable GitLab User registration on Login page