gitlab\u662f\u4e00\u6b3e\u9ad8\u6548\u7684\u4ee3\u7801\u7ba1\u7406\u5de5\u5177\uff0c\u5b83\u80fd\u591f\u5e2e\u52a9\u56e2\u961f\u66f4\u52a0\u9ad8\u6548\u5730\u7ba1\u7406\u4ee3\u7801\uff0c\u5e76\u5b9e\u73b0\u66f4\u597d\u7684\u534f\u4f5c\u3002\u5728\u4e00\u4e2a\u56e2\u961f\u4e2d\uff0c\u6709\u65f6\u9700\u8981\u5bf9\u4e0d\u540c\u4eba\u5458\u6388\u4e88\u4e0d\u540c\u7684\u6743\u9650\uff0c\u8fd9\u65f6\u5c31\u9700\u8981\u4f7f\u7528ldap\u6765\u5bf9gitlab\u8fdb\u884c\u8ba4\u8bc1\u5de5\u4f5c\u3002\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u5c31\u6765\u4e86\u89e3\u4e00\u4e0b\u5982\u4f55\u5728gitlab\u4e2d\u90e8\u7f72ldap\u3002<\/p>\n
\u4e00\u3001\u5b89\u88c5LDAP\u63d2\u4ef6<\/p>\n
\u9996\u5148\uff0c\u5728\u5b89\u88c5GitLab\u4e4b\u524d\uff0c\u9700\u8981\u5148\u5b89\u88c5LDAP\u63d2\u4ef6\u3002\u5728\u5b89\u88c5\u5b8cGitLab\u4e4b\u540e\uff0c\u6211\u4eec\u8fdb\u5165GitLab\u7684\u5b89\u88c5\u76ee\u5f55\uff0c\u5b89\u88c5LDAP\u4f9d\u8d56\u5305\u3002<\/p>\n
yum install openldap openldap-devel -y<\/pre>\n\u767b\u5f55\u540e\u590d\u5236 <\/p>\n
\u5b89\u88c5\u5b8c\u4f9d\u8d56\u5305\u4e4b\u540e\uff0c\u6211\u4eec\u9700\u8981\u5b89\u88c5GitLab\u7684LDAP\u63d2\u4ef6\uff0c\u5148\u8fdb\u5165GitLab\u7684\u63d2\u4ef6\u76ee\u5f55\uff1a<\/p>\n
cd \/usr\/share\/gitlab\/lib\/gitlab\/auth\/backends\/<\/pre>\n\u767b\u5f55\u540e\u590d\u5236 <\/p>\n
\u7136\u540e\uff0c\u6211\u4eec\u9700\u8981\u4e0b\u8f7dLDAP\u63d2\u4ef6\u7684tar\u5305:<\/p>\n
sudo curl -o ldap.tar.gz https:\/\/gitlab.com\/gitlab-org\/gitlab-ce\/repository\/archive.tar.gz?ref=master<\/pre>\n\u767b\u5f55\u540e\u590d\u5236 <\/p>\n
\u89e3\u538bLDAP\u63d2\u4ef6\u7684tar\u5305\uff0c\u8986\u76d6\u539f\u6709\u6587\u4ef6:<\/p>\n
sudo tar -zxf ldap.tar.gz --strip-components 2 gitlab-ce-master\/lib\/gitlab\/auth\/backends\/gitlab_ldap\/<\/pre>\n\u767b\u5f55\u540e\u590d\u5236 <\/p>\n
\u91cd\u65b0\u6267\u884cGitLab\u7684\u914d\u7f6e\uff1a<\/p>\n
sudo gitlab-ctl reconfigure<\/pre>\n\u767b\u5f55\u540e\u590d\u5236 \u767b\u5f55\u540e\u590d\u5236 <\/p>\n
\u4e8c\u3001\u914d\u7f6eLDAP<\/p>\n
\u5728\u5b89\u88c5LDAP\u63d2\u4ef6\u540e\uff0c\u6211\u4eec\u9700\u8981\u5bf9GitLab\u8fdb\u884cLDAP\u7684\u914d\u7f6e\u3002\u6253\u5f00GitLab\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u6dfb\u52a0LDAP\u914d\u7f6e\u5185\u5bb9\uff1a<\/p>\n
sudo vim \/etc\/gitlab\/gitlab.rb<\/pre>\n\u767b\u5f55\u540e\u590d\u5236 <\/p>\n
\u6211\u4eec\u9700\u8981\u914d\u7f6e\u7684\u4e3b\u8981\u53c2\u6570\u5982\u4e0b\uff1a<\/p>\n
gitlab_rails['ldap_enabled'] = true\ngitlab_rails['ldap_servers'] = YAML.load <<-'EOS'\n main: # \u2018main\u2019\u5176\u5b9e\u662f\u540d\u79f0\uff0c\u53ef\u4ee5\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8fdb\u884c\u914d\u7f6e\uff0c\u4e0b\u9762\u4e5f\u9700\u8981\u4f7f\u7528\u540c\u6837\u7684\u540d\u79f0\n label: 'LDAP'\n host: 'ldap.example.com' # LDAP\u670d\u52a1\u5668\u5730\u5740\n port: 389 # LDAP\u670d\u52a1\u5668\u7aef\u53e3\n uid: 'sAMAccountName' # \u7528\u6237\u767b\u5f55\u65f6\u9700\u8981\u4f7f\u7528\u7684\u5c5e\u6027\n block_auto_created_users: false # \u662f\u5426\u963b\u6b62\u81ea\u52a8\u521b\u5efa\n bind_dn: 'CN=ldapuser,OU=Web Services,DC=example,DC=com' # LDAP\u7684\u7ba1\u7406\u5458\u8d26\u6237\n password: 'yourpassword' # LDAP\u7ba1\u7406\u5458\u8d26\u6237\u7684\u5bc6\u7801\n encryption: 'plain' # \u52a0\u5bc6\u65b9\u5f0f\uff0cplain\u6216tls\n base: 'CN=Users,DC=example,DC=com' # \u67e5\u8be2\u7684\u57fa\u7840DN\n user_filter: '' # \u6839\u636e\u9700\u8981\u8bbe\u7f6e\u7528\u6237\u7b5b\u9009\u89c4\u5219\nEOS<\/pre>\n\u767b\u5f55\u540e\u590d\u5236 <\/p>\n
\u914d\u7f6e\u5b8c\u4e4b\u540e\uff0c\u91cd\u65b0\u6267\u884cGitLab\u7684\u914d\u7f6e\uff1a<\/p>\n
sudo gitlab-ctl reconfigure<\/pre>\n\u767b\u5f55\u540e\u590d\u5236 \u767b\u5f55\u540e\u590d\u5236 <\/p>\n
\u4e09\u3001\u6d4b\u8bd5LDAP\u8fde\u63a5<\/p>\n
\u914d\u7f6e\u5b8cLDAP\u4e4b\u540e\uff0c\u6211\u4eec\u9700\u8981\u6d4b\u8bd5LDAP\u8fde\u63a5\u662f\u5426\u6210\u529f\u3002\u9996\u5148\uff0c\u6211\u4eec\u9700\u8981\u5728LDAP\u4e0a\u521b\u5efa\u4e00\u4e2a\u6d4b\u8bd5\u8d26\u6237\uff0c\u4f8b\u5982\uff1atestuser\u3002<\/p>\n
\u5728GitLab\u670d\u52a1\u5668\u4e0a\u4f7f\u7528ldapsearch\u547d\u4ee4\u6d4b\u8bd5LDAP\u8fde\u63a5\uff0c\u4f8b\u5982\uff1a<\/p>\n
ldapsearch -H ldap:\/\/ldap.example.com -x -b \"CN=Users,DC=example,DC=com\" -D \"CN=ldapuser,OU=Web Services,DC=example,DC=com\" -w 'yourpassword'<\/pre>\n\u767b\u5f55\u540e\u590d\u5236 <\/p>\n
\u5982\u679c\u8fde\u63a5\u6210\u529f\uff0c\u6211\u4eec\u53ef\u4ee5\u67e5\u770bLDAP\u4e2d\u7528\u6237\u4fe1\u606f\uff0c\u4f8b\u5982\uff1a<\/p>\n
# testuser, Users, example.com\ndn: CN=testuser,CN=Users,DC=example,DC=com\nobjectClass: top\nobjectClass: person\n...<\/pre>\n\u767b\u5f55\u540e\u590d\u5236 <\/p>\n
\u5982\u679c\u51fa\u73b0\u4ee5\u4e0a\u4fe1\u606f\uff0c\u8bf4\u660e\u8fde\u63a5\u6210\u529f\u3002<\/p>\n
\u56db\u3001\u5728GitLab\u4e2d\u542f\u7528LDAP<\/p>\n
\u5f53LDAP\u8fde\u63a5\u6210\u529f\u4e4b\u540e\uff0c\u6211\u4eec\u9700\u8981\u5728GitLab\u4e2d\u542f\u7528LDAP\u3002\u542f\u7528LDAP\u540e\uff0c\u6bcf\u4e2aLDAP\u7528\u6237\u90fd\u80fd\u591f\u767b\u9646GitLab\uff0c\u5e76\u4f7f\u7528\u5176\u5141\u8bb8\u7684\u6743\u9650\u3002<\/p>\n
\u5728GitLab\u7684\u7528\u6237\u9762\u677f\u4e2d\uff0c\u5355\u51fb\u201cAdministrator area\u201d -> \u201cSettings\u201d -> \u201cLDAP\u201d\uff0c\u7136\u540e\u542f\u7528LDAP\u9009\u9879\u3002<\/p>\n
\u6211\u4eec\u9700\u8981\u914d\u7f6e\u7684\u4e3b\u8981\u53c2\u6570\u5982\u4e0b\uff1a<\/p>\n
\u6839\u636e\u60c5\u51b5\uff0c\u6211\u4eec\u4e5f\u53ef\u4ee5\u4fee\u6539\u767b\u5f55\u65f6\u4f7f\u7528\u7684\u5c5e\u6027\u540d\uff0c\u4ee5\u53ca\u5728LDAP\u8fc7\u6ee4\u5668\u4e2d\u6dfb\u52a0\u81ea\u5b9a\u4e49\u89c4\u5219\uff0c\u4ee5\u7b5b\u9009\u7279\u5b9a\u7684\u7528\u6237\u3002<\/p>\n
\u4e94\u3001\u603b\u7ed3<\/p>\n
\u901a\u8fc7\u8fd9\u7bc7\u6587\u7ae0\u7684\u4ecb\u7ecd\uff0c\u6211\u4eec\u53ef\u4ee5\u77e5\u9053\u5982\u4f55\u5728GitLab\u4e2d\u90e8\u7f72LDAP\u3002\u5728GitLab\u4e2d\u542f\u7528LDAP\u53ef\u4ee5\u6709\u6548\u5730\u7ba1\u7406\u56e2\u961f\u4e2d\u7684\u7528\u6237\uff0c\u4e3a\u65e5\u540e\u7684\u5f00\u53d1\u5de5\u4f5c\u63d0\u4f9b\u4e86\u826f\u597d\u7684\u57fa\u7840\u3002<\/p>\n
\u4ee5\u4e0a\u5c31\u662f\u624b\u628a\u624b\u6559\u4f60\u5728GitLab\u4e2d\u90e8\u7f72LDAP\u7684\u8be6\u7ec6\u5185\u5bb9\uff0c\u66f4\u591a\u8bf7\u5173\u6ce8\u7c73\u4e91\u5176\u5b83\u76f8\u5173\u6587\u7ae0\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"
gitlab\u662f\u4e00\u6b3e\u9ad8\u6548\u7684\u4ee3\u7801\u7ba1\u7406\u5de5\u5177\uff0c\u5b83\u80fd\u591f\u5e2e\u52a9\u56e2\u961f\u66f4\u52a0\u9ad8\u6548\u5730\u7ba1\u7406\u4ee3\u7801\uff0c\u5e76\u5b9e\u73b0\u66f4\u597d\u7684\u534f\u4f5c\u3002\u5728\u4e00\u4e2a\u56e2\u961f\u4e2d\uff0c\u6709\u65f6\u9700\u8981\u5bf9\u4e0d\u540c\u4eba\u5458\u6388\u4e88\u4e0d\u540c\u7684\u6743\u9650\uff0c\u8fd9\u65f6\u5c31\u9700\u8981\u4f7f\u7528ldap\u6765\u5bf9gitlab\u8fdb\u884c\u8ba4\u8bc1\u5de5\u4f5c\u3002\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u5c31\u6765\u4e86\u89e3\u4e00\u4e0b\u5982\u4f55\u5728gitlab\u4e2d\u90e8\u7f72ldap\u3002 \u4e00\u3001\u5b89\u88c5LDAP\u63d2\u4ef6 \u9996\u5148\uff0c\u5728\u5b89\u88c5GitLab\u4e4b\u524d\uff0c\u9700\u8981\u5148\u5b89\u88c5LDAP\u63d2\u4ef6\u3002\u5728\u5b89\u88c5\u5b8cGitLab\u4e4b\u540e\uff0c\u6211\u4eec\u8fdb\u5165GitLab\u7684\u5b89\u88c5\u76ee\u5f55\uff0c\u5b89\u88c5LDAP\u4f9d\u8d56\u5305\u3002 yum install openldap openldap-devel -y \u767b\u5f55\u540e\u590d\u5236 \u5b89\u88c5\u5b8c\u4f9d\u8d56\u5305\u4e4b\u540e\uff0c\u6211\u4eec\u9700\u8981\u5b89\u88c5GitLab\u7684LDAP\u63d2\u4ef6\uff0c\u5148\u8fdb\u5165GitLab\u7684\u63d2\u4ef6\u76ee\u5f55\uff1a cd \/usr\/share\/gitlab\/lib\/gitlab\/auth\/backends\/ \u767b\u5f55\u540e\u590d\u5236 \u7136\u540e\uff0c\u6211\u4eec\u9700\u8981\u4e0b\u8f7dLDAP\u63d2\u4ef6\u7684tar\u5305: sudo curl -o ldap.tar.gz https:\/\/gitlab.com\/gitlab-org\/gitlab-ce\/repository\/archive.tar.gz?ref=master \u767b\u5f55\u540e\u590d\u5236 \u89e3\u538bLDAP\u63d2\u4ef6\u7684tar\u5305\uff0c\u8986\u76d6\u539f\u6709\u6587\u4ef6: sudo tar -zxf ldap.tar.gz –strip-components 2 gitlab-ce-master\/lib\/gitlab\/auth\/backends\/gitlab_ldap\/ \u767b\u5f55\u540e\u590d\u5236 \u91cd\u65b0\u6267\u884cGitLab\u7684\u914d\u7f6e\uff1a sudo gitlab-ctl reconfigure \u767b\u5f55\u540e\u590d\u5236 \u767b\u5f55\u540e\u590d\u5236 \u4e8c\u3001\u914d\u7f6eLDAP \u5728\u5b89\u88c5LDAP\u63d2\u4ef6\u540e\uff0c\u6211\u4eec\u9700\u8981\u5bf9GitLab\u8fdb\u884cLDAP\u7684\u914d\u7f6e\u3002\u6253\u5f00GitLab\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u6dfb\u52a0LDAP\u914d\u7f6e\u5185\u5bb9\uff1a sudo vim \/etc\/gitlab\/gitlab.rb \u767b\u5f55\u540e\u590d\u5236 \u6211\u4eec\u9700\u8981\u914d\u7f6e\u7684\u4e3b\u8981\u53c2\u6570\u5982\u4e0b\uff1a gitlab_rails[‘ldap_enabled’] = true gitlab_rails[‘ldap_servers’] = YAML.load <<-‘EOS’ main: # \u2018main\u2019\u5176\u5b9e\u662f\u540d\u79f0\uff0c\u53ef\u4ee5\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8fdb\u884c\u914d\u7f6e\uff0c\u4e0b\u9762\u4e5f\u9700\u8981\u4f7f\u7528\u540c\u6837\u7684\u540d\u79f0 label: ‘LDAP’ host: […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-19274","post","type-post","status-publish","format-standard","hentry","category-16"],"_links":{"self":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/19274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/comments?post=19274"}],"version-history":[{"count":0,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/19274\/revisions"}],"wp:attachment":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/media?parent=19274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/categories?post=19274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/tags?post=19274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}