
Login: a domain account can log in with or without the email suffix, and both forms show up as the same account.

https://blog.csdn.net/weixin_37623484/article/details/88636128

https://docs.gitlab.com/ee/administration/auth/how_to_configure_ldap_gitlab_ce/

https://www.reddit.com/r/synology/comments/68lw9c/gitlab_ldap_w_synology_dsm/

http://www.nsdi.tw/2018/03/08/synology-docker-gitlab-%E4%B8%B2%E6%8E%A5-ldap-%E8%A8%AD%E5%AE%9A/ (this one is the correct solution)

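Testing the LDAP query parameters and search conditions

Before changing the GitLab configuration, test whether user information can be retrieved from the domain controller.

ldapsearch -h example.com -D xxxx@example.com -w StrongPassword -b "cn=users,DC=example,DC=COM" sAMAccountName

Synology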

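Container > synology_gitlab > Details > Terminal > Create a bash session (the change is lost after a restart).

root@synology_gitlab:/home/git/gitlab/config# vi gitlab.yml

You can also make the change from the DSM SSH shell: under /volume1/@docker/aufs/mnt/, run find -name gitlab.yml to locate the file, then open and edit it (the change is lost after a restart).

Edit this configuration file to enable LDAP and set its parameters: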

  ## LDAP settings
  # You can inspect a sample of the LDAP users with login access by running:
  #   bundle exec rake gitlab:ldap:check RAILS_ENV=production
  ldap:
    enabled: true # enable LDAP (default: false)
    servers:
      ##########################################################################
      #
      # Since GitLab 7.4, LDAP servers get ID's (below the ID is 'main'). GitLab
      # Enterprise Edition now supports connecting to multiple LDAP servers.
      #
      # If you are updating from the old (pre-7.4) syntax, you MUST give your
      # old server the ID 'main'.
      #
      ##########################################################################
      main: # 'main' is the GitLab 'provider ID' of this LDAP server
        ## label
        #
        # A human-friendly name for your LDAP server. It is OK to change the label later,
        # for instance if you find out it is too large to fit on the web page.
        #
        # Example: 'Paris' or 'Acme, Ltd.'
        label: 'Gitlab AD' # display name

        host: '192.168.0.100' # IP address of the AD server
        port: 389 # port; the default does not need changing
        uid: 'sAMAccountName' # the default does not need changing

        # With 'plain', the bind DN, its password and user passwords are sent
        # unencrypted; verify_certificates only applies to start_tls/simple_tls.
        encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
        verify_certificates: true
        ca_file: ''
        ssl_version: ''

        bind_dn: 'xxxx@example.com' # bind user
        password: 'xxxxxxxxxx' # password of xxxx@example.com

        # Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
        # a request if the LDAP server becomes unresponsive.
        # A value of 0 means there is no timeout.
        timeout: 10

        # This setting specifies if LDAP server is Active Directory LDAP server.
        # For non AD servers it skips the AD specific queries.
        # If your LDAP server is not AD, set this to false.
        active_directory: true

        # If allow_username_or_email_login is enabled, GitLab will ignore everything
        # after the first '@' in the LDAP username submitted by the user on login.
        #
        # Example:
        # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
        # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
        #
        # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
        # disable this setting, because the userPrincipalName contains an '@'.
        allow_username_or_email_login: true

        # To maintain tight control over the number of active users on your GitLab installation,
        # enable this setting to keep new users blocked until they have been cleared by the admin
        # (default: false).
        block_auto_created_users: false

        # Base where we can search for users
        #
        # Ex. ou=People,dc=gitlab,dc=example
        #
        base: 'DC=example,DC=com' # search base (the domain)

After saving, restart GitLab:

root@synology_gitlab:/home/git/gitlab/config# sudo /etc/init.d/gitlab restart
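
The LDAP settings shown above can be checked for weak combinations before GitLab is restarted with them. The Ruby script below is an added example, not part of the original post or of GitLab: audit_ldap is a hypothetical helper, and the embedded sample is constructed from this page's values with ldap: at the top level, as in the excerpt.

```ruby
require 'yaml'

# Constructed sample that copies the values shown on this page (not a real deployment).
SAMPLE = <<~YML
  ldap:
    enabled: true
    servers:
      main:
        host: '192.168.0.100'
        port: 389
        uid: 'sAMAccountName'
        encryption: 'plain'
        verify_certificates: true
        allow_username_or_email_login: true
        block_auto_created_users: false
        base: 'DC=example,DC=com'
YML

# Hypothetical helper: returns one "[server id] finding" string per weak setting.
def audit_ldap(yaml_text)
  doc = YAML.safe_load(yaml_text)
  # Accept either the excerpt layout (ldap: at top level) or a production: wrapper.
  ldap = (doc['production'] || doc).fetch('ldap', {})
  return [] unless ldap['enabled']

  (ldap['servers'] || {}).flat_map do |id, s|
    findings = []
    if s['encryption'].to_s == 'plain'
      findings << 'encryption is plain: bind DN, bind password and user passwords cross the network unencrypted'
      findings << 'verify_certificates has no effect without start_tls or simple_tls' if s['verify_certificates']
    elsif s['verify_certificates'] == false
      findings << 'TLS is on but verify_certificates is false: the server identity is not checked'
    end
    # The conflict described in the config comments: the UPN contains an '@'.
    if s['allow_username_or_email_login'] && s['uid'].to_s.casecmp?('userPrincipalName')
      findings << "uid is userPrincipalName but allow_username_or_email_login drops everything after the first '@'"
    end
    unless s['block_auto_created_users']
      findings << "block_auto_created_users is false: any directory user found under #{s['base']} is created active on first login"
    end
    findings.map { |f| "[#{id}] #{f}" }
  end
end

audit_ldap(SAMPLE).each { |line| puts line } if __FILE__ == $PROGRAM_NAME
```

To audit a real file, pass File.read of the gitlab.yml path to audit_ldap instead of SAMPLE.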

 

QNAP: gitlab.yml can only be edited over SSH.

[/share/CACHEDEV1_DATA/Container/container-station-data/lib/docker/overlay2] # find -name gitlab.yml
./0ee417b3c4f7b912f5e468463a8e78a88bbbddfdf5e83a1d2b892c196f285cc4/diff/home/git/gitlab/config/gitlab.yml
./0ee417b3c4f7b912f5e468463a8e78a88bbbddfdf5e83a1d2b892c196f285cc4/merged/etc/docker-gitlab/runtime/config/gitlabhq/gitlab.yml
./0ee417b3c4f7b912f5e468463a8e78a88bbbddfdf5e83a1d2b892c196f285cc4/merged/home/git/gitlab/config/gitlab.yml
vi  0ee417b3c4f7b912f5e468463a8e78a88bbbddfdf5e83a1d2b892c196f285cc4/merged/home/git/gitlab/config/gitlab.yml
#  Edit the gitlab.yml from the line above, following the method described earlier
[/share/CACHEDEV1_DATA/Container/container-station-data/lib/docker/overlay2] # docker exec -d gitlab_gitlab_1 /etc/init.d/gitlab restart
#  gitlab_gitlab_1 is the container name; you can find it with docker ps
2021-04-02T10:25:56+00:00 | May 6th, 2019 | NAS Synology/QNAP
