Configure GitLab FreeIPA LDAP Authentication


In this guide, I’ll show you how to configure your GitLab server to authenticate users against a FreeIPA server. FreeIPA is an open source identity management system sponsored by Red Hat.

GitLab, on the other hand, is a fully-featured platform for accelerated software development. It provides features like integrated CI/CD, Auto DevOps, Kubernetes integration, GitLab Container Registry, etc.

By leveraging FreeIPA's advanced user management features, it becomes easy to manage user access to your GitLab server. You don’t have to create users manually on the GitLab server, which can be tedious for large companies.

Configure GitLab FreeIPA Authentication – Pre-requisites

The pre-requisites for this setup are:

  • Running GitLab Server
  • Running FreeIPA Server

If you’re interested in doing a fresh installation of FreeIPA or GitLab server, you can refer to our guides below:

How to Install FreeIPA Server on CentOS 7

How to Install FreeIPA Server on Ubuntu

For GitLab, we have the guides:

Install Gitlab CE on Ubuntu

Install Gitlab CE on CentOS 7 / Fedora

The steps to set up GitLab FreeIPA authentication are as follows.

Step 1: Create LDAP Bind User on FreeIPA

We’ll need a user for binding to the FreeIPA server. Log in to your FreeIPA server and create a user called gitlab.

Navigate to Identity > Users > Add


Fill in the required details and click “Add”.

Step 2: Configure GitLab Server

If you don’t have a domain name for the FreeIPA server configured in DNS, add a line for it to the /etc/hosts file.

$ sudo vim /etc/hosts
192.168.3.10 ipa.example.com

Edit /etc/gitlab/gitlab.rb and enable LDAP

gitlab_rails['ldap_enabled'] = true

Then specify the path to the file with the LDAP settings for FreeIPA:

gitlab_rails['ldap_servers'] = YAML.load_file('/etc/gitlab/freeipa_settings.yml')

Lastly, create the YAML file to hold IPA connection settings

sudo vim /etc/gitlab/freeipa_settings.yml

Configure like below:

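main:
  label: 'FreeIPA'
  host: 'ipa.example.com'
  port: 389
  uid: 'uid'
  bind_dn: 'uid=gitlab,cn=users,cn=accounts,dc=example,dc=com'
  password: 'gitlabuserpassword'
  # StartTLS on port 389 ('tls' under the older 'method' key). With 'plain',
  # the bind password and every user's login password travel unencrypted.
  encryption: 'start_tls'
  base: 'cn=accounts,dc=example,dc=com'
  # false skips validation of the FreeIPA server certificate; set this to
  # true once the GitLab host trusts the FreeIPA CA.
  verify_certificates: false
  attributes:
    username: ['uid']
    email: ['mail']
    name: 'displayName'
    first_name: 'givenName'
    last_name: 'sn'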

Substitute:

  • ipa.example.com with FreeIPA server hostname
  • All appearances of example and com with your FreeIPA server domain components.
  • gitlabuserpassword with your gitlab IPA user password.

Save the file then reconfigure GitLab:

sudo gitlab-ctl reconfigure
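
An added example, not part of the original guide: a Ruby check (Ruby because gitlab.rb is itself Ruby) that flags the transport and certificate settings of an LDAP settings file of this shape before you reconfigure. The function names and both sample configurations are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample: cleartext transport, leftover 'method' key, no certificate check.
WEAK = <<~CONF
  main:
    host: 'ipa.example.com'
    port: 389
    method: 'tls'
    encryption: 'plain'
    verify_certificates: false
CONF

# Constructed sample: StartTLS on 389 with the server certificate validated.
HARDENED = <<~CONF
  main:
    host: 'ipa.example.com'
    port: 389
    encryption: 'start_tls'
    verify_certificates: true
CONF

# Returns an array of finding strings covering every server entry in the YAML text.
def audit_ldap_settings(yaml_text)
  (YAML.safe_load(yaml_text) || {}).flat_map do |name, cfg|
    enc = cfg['encryption'].to_s
    port = cfg['port'].to_i
    out = []
    out << "#{name}: 'method' is set next to 'encryption'; keep only 'encryption'" if cfg.key?('method')
    unless %w[start_tls simple_tls].include?(enc)
      out << "#{name}: encryption '#{enc}' sends bind and login passwords unencrypted"
    end
    out << "#{name}: start_tls is normally used on 389, not #{port}" if enc == 'start_tls' && port == 636
    out << "#{name}: simple_tls (LDAPS) is normally used on 636, not #{port}" if enc == 'simple_tls' && port == 389
    out << "#{name}: verify_certificates is false, the directory server is not authenticated" if cfg['verify_certificates'] == false
    out
  end
end

# True when group or other has any permission on the file holding the bind password.
def loose_permissions?(path)
  (File.stat(path).mode & 0o077) != 0
end

# Demo on the constructed samples.
puts audit_ldap_settings(WEAK)
puts "hardened findings: #{audit_ldap_settings(HARDENED).length}"
```

On the GitLab host, pass File.read('/etc/gitlab/freeipa_settings.yml') to audit_ldap_settings and the same path to loose_permissions?. The file holds the bind password, and since the guide runs gitlab-ctl reconfigure through sudo, mode 600 owned by root is sufficient.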

Step 3: Login to GitLab via FreeIPA

You can now log in to your GitLab server using user credentials from the FreeIPA server.


Hit “Sign in” to log in to your GitLab server with the provided username.


And boom! You’re in.

A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.