GitLab LDAP secondary strategy
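I installed GitLab CE from the Omnibus package (gitlab_7.7.2-omnibus.5.4.2.ci-1_amd64) on a clean Debian (debian-7.8.0-amd64).
I followed the installation procedure at https://about.gitlab.com/downloads/ and everything worked fine.
I modified /etc/gitlab/gitlab.rb to use a single LDAP server for authentication.
This also worked as expected.
But when I try to use a secondary LDAP connection, "gitlab-ctl reconfigure" gives me this output: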
---- Begin output of /opt/gitlab/bin/gitlab-rake cache:clear ----
STDOUT:
STDERR: rake aborted!
Devise::OmniAuth::StrategyNotFound: Could not find a strategy with name `Ldapsecondary'. Please ensure it is required or explicitly set it using the :strategy_class option .
Tasks: TOP => cache:clear => environment
(See full trace by running task with --trace)
---- End output of /opt/gitlab/bin/gitlab-rake cache:clear ----
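So the problem is that I can use the LDAP connection 'main', but I can't use the connection 'secondary'.
Is it possible to use two different LDAP connections at the same time in the CE version?
I'm new to Ruby [on Rails]. I found something in /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/ldap/config.rb, but I'm not able to debug anything.
Here are my settings in /etc/gitlab/gitlab.rb: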
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-EOS # remember to close this block with 'EOS' below
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'First Company'
    host: '192.168.100.1'
    port: 389
    uid: 'sAMAccountName'
    method: 'tls' # "tls" or "ssl" or "plain"
    bind_dn: 'debian@firstcompany.local'
    password: 'Passw0rd'
    active_directory: true
    allow_username_or_email_login: false
    base: 'dc=firstcompany,dc=local'
    user_filter: '(&(objectClass=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
    ## EE only
    group_base: ''
    admin_group: ''
    sync_ssh_keys: false
  secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
    label: 'Second Company'
    host: '192.168.200.1'
    port: 389
    uid: 'sAMAccountName'
    method: 'tls' # "tls" or "ssl" or "plain"
    bind_dn: 'debian@secondcompany.local'
    password: 'Passw0rd'
    active_directory: true
    allow_username_or_email_login: false
    base: 'dc=secondcompany,dc=local'
    user_filter: '(&(objectClass=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
    ## EE only
    group_base: ''
    admin_group: ''
    sync_ssh_keys: false
EOS
Thanks a lot!
Multiple LDAP servers is an EE feature, so setting the configuration in CE won't do anything. You can see the feature in the GitLab documentation.
With GitLab 14.7 (January 2022, seven years later), this is now possible! (for managed instances)
LDAP failover support
You can now specify multiple hosts (using hosts) in your GitLab LDAP configuration.
GitLab will use the first reachable host. This ensures continuity of access to GitLab should one of your LDAP hosts become unresponsive.
Thanks to Mathieu Parent for the contribution!
See Documentation and Issue.
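A pre-flight check for an ldap_servers block, covering both answers above: it flags extra provider IDs on CE and reports whether each provider has failover via hosts. This is an added example, not code from the original posts or from GitLab. The helper name lint_ldap_servers, the sample data, and the [host, port] pair layout of hosts are assumptions.

```ruby
require 'yaml'

# Constructed sample: two provider IDs, as in the question's gitlab.rb.
SAMPLE_TWO_PROVIDERS = <<~EOS
  main:
    label: 'First Company'
    host: '192.168.100.1'
    port: 389
  secondary:
    label: 'Second Company'
    host: '192.168.200.1'
    port: 389
EOS

# Constructed sample: one provider with failover hosts (pair layout assumed).
SAMPLE_FAILOVER = <<~EOS
  main:
    label: 'First Company'
    hosts:
      - ['192.168.100.1', 389]
      - ['192.168.100.2', 389]
EOS

# Hypothetical helper: returns an array of findings for an ldap_servers YAML block.
def lint_ldap_servers(yaml_text, edition: :ce)
  servers = YAML.safe_load(yaml_text) || {}
  findings = []
  extra = servers.keys.drop(1)
  if edition == :ce && !extra.empty?
    findings << "extra providers (#{extra.join(', ')}): multiple LDAP servers is an EE feature"
  end
  servers.each do |id, cfg|
    hosts = cfg['hosts']
    if hosts.nil?
      findings << "#{id}: single host #{cfg['host']}, no failover"
    elsif !hosts.is_a?(Array) || hosts.any? { |h| !h.is_a?(Array) || h.size != 2 }
      findings << "#{id}: 'hosts' must be a list of [host, port] pairs"
    elsif hosts.size < 2
      findings << "#{id}: 'hosts' has one entry, no failover"
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  puts lint_ldap_servers(SAMPLE_TWO_PROVIDERS)
  puts lint_ldap_servers(SAMPLE_FAILOVER)
end
```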