gitlab: Add LDAP configuration variables

2021-09-21 04:49:53 +02:00 · 2021-09-21 04:49:53 +02:00 · c0b3f585b7
commit c0b3f585b7
parent e0c616ed05
2 changed files with 45 additions and 0 deletions
--- a/roles/gitlab/defaults/main.yml
+++ b/roles/gitlab/defaults/main.yml
@ -99,6 +99,21 @@ gitlab_saml:
  name_identifier_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  autologin: false

+# LDAP settings
+gitlab_ldap:
+  enabled: false
+  label: "LDAP"
+  host: "ldap.example.com"
+  port: 389
+  bind_dn: "_the_full_dn_of_the_user_you_will_bind_with"
+  password: "_the_password_of_the_bind_user"
+  encryption: "simple_tls"
+  verify_certificates: true
+  uid: "sAMAccountName"
+  active_directory: true
+  user_filter: ""
+  base: "dc=example,dc=com"
+
 # IMAP settings (for email replies to comments etc.)
 gitlab_imap:
  enabled: false
--- a/roles/gitlab/templates/docker-compose.yml
+++ b/roles/gitlab/templates/docker-compose.yml
@ -121,6 +121,36 @@ services:
        registry_nginx['listen_https'] = false
 {% endif %}

+{% if gitlab_ldap.enabled %}
+        gitlab_rails['ldap_enabled'] = true
+        gitlab_rails['prevent_ldap_sign_in'] = false
+        gitlab_rails['ldap_servers'] = {
+        'main' => {
+          'label' => '{{ gitlab_ldap.label }}',
+          'host' =>  '{{ gitlab_ldap.host }}',
+          'port' => {{ gitlab_ldap.port }},
+          'uid' => '{{ gitlab_ldap.uid }}',
+          'encryption' => '{{ gitlab_ldap.encryption }}',
+          'verify_certificates' => {{ gitlab_ldap.verify_certificates | bool | lower }},
+          'bind_dn' => '{{ gitlab_ldap.bind_dn }}',
+          'password' => '{{ gitlab_ldap.password }}',
+          'timeout' => 10,
+          'active_directory' => {{ gitlab_ldap.active_directory | bool | lower }},
+          'allow_username_or_email_login' => false,
+          'block_auto_created_users' => false,
+          'base' => '{{ gitlab_ldap.base }}',
+          'attributes' => {
+            'username' => ['uid', 'userid', 'sAMAccountName'],
+            'email' => ['mail', 'email', 'userPrincipalName'],
+            'name' => 'cn',
+            'first_name' => 'givenName',
+            'last_name' => 'sn'
+          },
+          'lowercase_usernames' => false
+          }
+        }
+{% endif %}
+
 {% if gitlab_saml.enabled %}
        # SAML settings
        gitlab_rails['omniauth_enabled'] = true