Wednesday, January 1, 2025

Configure GitLab FreeIPA LDAP Authentication

In this guide, I’ll show you how to configure your GitLab server to authenticate users against a FreeIPA server. FreeIPA is an open source identity management system sponsored by Red Hat.

GitLab, on the other hand, is a fully-featured platform for accelerated software development. It provides capable features such as integrated CI/CD, Auto DevOps, Kubernetes integration, the GitLab Container Registry, etc.

By leveraging FreeIPA’s advanced user management features, it becomes easy to manage user access to your GitLab server. You don’t have to create users manually on the GitLab server, which can be tedious for large companies.

How To Configure GitLab FreeIPA Authentication

The pre-requisites for this setup are:

  • Running GitLab Server
  • Running FreeIPA Server

The steps to set up GitLab FreeIPA authentication are as follows.

Step 1: Create LDAP Bind User on FreeIPA

We’ll need a user for binding to the FreeIPA server. Log in to your FreeIPA server and create a user called gitlab.

Navigate to Identity > Users > Add

Fill in the required details and click “Add”.

Step 2: Configure GitLab Server

If you don’t have a DNS name configured for the FreeIPA server, add a line for it to the /etc/hosts file on the GitLab server.

$ sudo vim /etc/hosts
192.168.3.10 ipa.example.com

Edit /etc/gitlab/gitlab.rb and enable LDAP

gitlab_rails['ldap_enabled'] = true

Then specify the path to file with LDAP settings for FreeIPA

gitlab_rails['ldap_servers'] = YAML.load_file('/etc/gitlab/freeipa_settings.yml')

Lastly, create the YAML file to hold IPA connection settings

sudo vim /etc/gitlab/freeipa_settings.yml

Configure like below:

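main:
  label: 'FreeIPA'
  host: 'ipa.example.com'
  port: 389
  uid: 'uid'
  # 'method' is a deprecated key that GitLab replaced with 'encryption' below
  method: 'tls'
  bind_dn: 'uid=gitlab,cn=users,cn=accounts,dc=example,dc=com'
  password: 'gitlabuserpassword'
  # 'plain' means no TLS: the bind password and user logins cross the network
  # unencrypted. GitLab also accepts 'start_tls' and 'simple_tls' here.
  encryption: 'plain'
  base: 'cn=accounts,dc=example,dc=com'
  # false skips validation of the LDAP server's certificate when TLS is used
  verify_certificates: false
  attributes:
    username: ['uid']
    email: ['mail']
    name: 'displayName'
    first_name: 'givenName'
    last_name: 'sn'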

Substitute:

  • ipa.example.com with FreeIPA server hostname
  • All appearances of example and com with your FreeIPA server domain components.
  • gitlabuserpassword with your gitlab IPA user password.

Save the file then reconfigure GitLab:

sudo gitlab-ctl reconfigure
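
The settings file from this step can be checked for weak transport and credential handling before it is put into service. The Ruby script below is an added example, not code from this guide or from GitLab: audit_ldap_servers, audit_path and SAMPLE are hypothetical names, and the sample input is this guide's settings file embedded as a constructed string.

```ruby
require 'yaml'

# Constructed sample: this guide's settings file, embedded so the script runs offline.
SAMPLE = <<~YAML
  main:
    host: 'ipa.example.com'
    port: 389
    method: 'tls'
    bind_dn: 'uid=gitlab,cn=users,cn=accounts,dc=example,dc=com'
    password: 'gitlabuserpassword'
    encryption: 'plain'
    verify_certificates: false
YAML

# Hypothetical helper (not part of GitLab). Takes the hash that gitlab.rb assigns
# to gitlab_rails['ldap_servers'] plus the file's permission bits, if known.
def audit_ldap_servers(servers, file_mode: nil)
  findings = []
  servers.each do |name, s|
    enc = s['encryption'].to_s
    if enc == 'plain'
      findings << "#{name}: encryption 'plain' sends bind and user passwords unencrypted"
    end
    if s['verify_certificates'] == false
      findings << "#{name}: verify_certificates is false, the server certificate is not validated"
    end
    if s.key?('method')
      findings << "#{name}: deprecated key 'method' (#{s['method']}) sits next to encryption (#{enc})"
    end
    # Conventional ports: 636 for LDAPS (simple_tls), 389 for StartTLS.
    expected = { 'simple_tls' => 636, 'start_tls' => 389 }[enc]
    if expected && s['port'] != expected
      findings << "#{name}: port #{s['port']} is unusual for #{enc} (conventionally #{expected})"
    end
    if s['password'] && file_mode && (file_mode & 0o077) != 0
      findings << "#{name}: bind password in a file with mode #{format('%o', file_mode)}, accessible beyond its owner"
    end
  end
  findings
end

def audit_path(path)
  audit_ldap_servers(YAML.safe_load(File.read(path)), file_mode: File.stat(path).mode & 0o777)
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV.first
  puts(path && File.file?(path) ? audit_path(path) : audit_ldap_servers(YAML.safe_load(SAMPLE), file_mode: 0o644))
end
```

Run it with the path to /etc/gitlab/freeipa_settings.yml as the only argument to audit the real file; with no argument it audits the embedded sample, assuming a file mode of 644.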

Step 3: Login to GitLab via FreeIPA

You can now log in to your GitLab server using user credentials from the FreeIPA server.

Hit “Sign in” to log in to your GitLab server with the provided username.

And boom, you’re in. Also check:

How to Secure GitLab server with SSL certificate

How to disable GitLab User registration on Login page
