LDAP Directories


LDAP

GitLab can directly connect to LDAP servers

Example setup

LDAP backend based on OpenLDAP

Management UI based on Keycloak


Hands-On: Deployment

Prepare persistent volumes for new components:

docker volume create openldap_data
docker volume create postgresql_data
docker volume create keycloak_data

Deploy additional components:

# Deploy components for LDAP
cd ../120_ldap/
docker compose --project-name gitlab \
    --file ../100_reverse_proxy/compose.yml \
    --file compose.yml \
    up -d

Hands-On: Configuration in Keycloak

Two users are automatically created:

Log in using one of these users


Alternative: Single Sign-On

GitLab can use a SAML Identity Provider to authenticate users

gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_providers'] = [{
  name: "saml",
  label: "my-label",
  args: {
    assertion_consumer_service_url: "https://gitlab.seatN.inmylab.de/users/auth/saml/callback",
    idp_cert_fingerprint: "<FINGERPRINT>",
    idp_sso_target_url: "https://login.foo.com/bar",
    issuer: "MyIssuer",
    name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    attribute_statements: { name: ['name'], first_name: ['first_name'], last_name: ['last_name'], nickname: ['username'] }
  }
}]
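As an added example (not part of the original slides or of GitLab itself), the script below reads a gitlab.rb snippet the way Omnibus does, by evaluating it as Ruby, and flags the settings a reviewer would want to see before the SAML or LDAP setup from this deck goes live: a fingerprint placeholder that was never replaced, plain-http IdP URLs, a non-standard NameID format, `omniauth_block_auto_created_users = false` (every IdP-authenticated user gets an active account without admin review), and, going beyond the page's SAML snippet to the LDAP backend it also describes, an `ldap_servers` block using `encryption: 'plain'` or `verify_certificates: false`. The helper names (`SettingsRecorder`, `load_gitlab_rb`, `check_saml`, `check_ldap`, `audit`) are hypothetical; the `gitlab_rails[...]` keys are real GitLab settings, the SAML block is the one from the slide, and the LDAP block and its values are constructed for the example.

```ruby
# Stand-in for the gitlab.rb DSL: records `gitlab_rails['key'] = value`
# assignments instead of configuring anything (hypothetical helper, not GitLab code).
class SettingsRecorder
  attr_reader :settings
  def initialize; @settings = {}; end
  def []=(key, value); @settings[key] = value; end
  def [](key); @settings[key]; end
end

# Evaluate a gitlab.rb snippet and return the recorded settings.
# gitlab.rb is Ruby, so this executes it: only feed it configuration you trust.
def load_gitlab_rb(source)
  gitlab_rails = SettingsRecorder.new
  eval(source, binding)   # the snippet assigns into the local `gitlab_rails`
  gitlab_rails.settings
end

# Standard SAML NameID format URNs (the slide uses the persistent one).
SAML_NAMEID_FORMATS = %w[
  urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  urn:oasis:names:tc:SAML:2.0:nameid-format:transient
  urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
].freeze

# Colon-separated hex fingerprint of SHA-1 (20 bytes) or SHA-256 (32 bytes) length.
FINGERPRINT_RE = /\A(?:(?:\h{2}:){19}|(?:\h{2}:){31})\h{2}\z/

def check_saml(settings)
  findings = []
  saml = Array(settings['omniauth_providers']).find { |p| p[:name] == 'saml' }
  return findings unless saml
  args = saml[:args] || {}
  unless args[:idp_cert_fingerprint].to_s.match?(FINGERPRINT_RE)
    findings << 'saml: idp_cert_fingerprint is not a SHA-1/SHA-256 fingerprint (placeholder still in place?)'
  end
  %i[assertion_consumer_service_url idp_sso_target_url].each do |key|
    findings << "saml: #{key} must be an https URL" unless args[key].to_s.start_with?('https://')
  end
  unless SAML_NAMEID_FORMATS.include?(args[:name_identifier_format])
    findings << 'saml: name_identifier_format is not a standard NameID URN'
  end
  if settings['omniauth_block_auto_created_users'] == false
    findings << 'saml: omniauth_block_auto_created_users is false, so IdP-authenticated users are active without admin review'
  end
  findings
end

def check_ldap(settings)
  findings = []
  return findings unless settings['ldap_enabled']
  (settings['ldap_servers'] || {}).each do |name, srv|
    unless %w[simple_tls start_tls].include?(srv['encryption'])
      findings << "ldap #{name}: encryption is #{srv['encryption'].inspect}; bind credentials cross the network in clear text"
    end
    if srv['verify_certificates'] == false
      findings << "ldap #{name}: verify_certificates is false, so the directory's TLS certificate is not checked"
    end
  end
  findings
end

# Constructed sample: the SAML block from the slide plus an LDAP server block
# with the weak transport settings a first attempt commonly ships with.
SAMPLE_GITLAB_RB = <<~'RB'
  gitlab_rails['omniauth_enabled'] = true
  gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
  gitlab_rails['omniauth_block_auto_created_users'] = false
  gitlab_rails['omniauth_auto_link_saml_user'] = true
  gitlab_rails['omniauth_providers'] = [{
    name: "saml",
    label: "my-label",
    args: {
      assertion_consumer_service_url: "https://gitlab.seatN.inmylab.de/users/auth/saml/callback",
      idp_cert_fingerprint: "<FINGERPRINT>",
      idp_sso_target_url: "https://login.foo.com/bar",
      issuer: "MyIssuer",
      name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
      attribute_statements: { name: ['name'], first_name: ['first_name'], last_name: ['last_name'], nickname: ['username'] }
    }
  }]
  gitlab_rails['ldap_enabled'] = true
  gitlab_rails['ldap_servers'] = {
    'main' => {
      'label' => 'OpenLDAP',
      'host' => 'openldap',
      'port' => 389,
      'uid' => 'uid',
      'bind_dn' => 'cn=admin,dc=example,dc=org',
      'password' => 'CHANGE-ME',
      'encryption' => 'plain',
      'verify_certificates' => false,
      'base' => 'ou=users,dc=example,dc=org'
    }
  }
RB

# Run both checks over a gitlab.rb snippet; an empty list means nothing was flagged.
def audit(source)
  settings = load_gitlab_rb(source)
  check_saml(settings) + check_ldap(settings)
end

if __FILE__ == $0
  audit(SAMPLE_GITLAB_RB).each { |finding| puts "WARN #{finding}" }
end
```

Run it against the real /etc/gitlab/gitlab.rb (`audit(File.read('/etc/gitlab/gitlab.rb'))`) before `gitlab-ctl reconfigure`; the four warnings the constructed sample produces disappear once the fingerprint is filled in, auto-created users are blocked pending review, and the LDAP block uses `start_tls` or `simple_tls` with certificate verification on.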