GitLab can directly connect to LDAP servers
LDAP backend based on OpenLDAP
Management UI based on Keycloak
Prepare persistent volumes for new components:
docker volume create openldap_data
docker volume create postgresql_data
docker volume create keycloak_data
Deploy additional components:
# Deploy components for LDAP
cd ../120_ldap/
docker compose --project-name gitlab \
    --file ../100_reverse_proxy/compose.yml \
    --file compose.yml \
    up -d
Two users are automatically created:
user01:password1
user02:password2
Log in using one of these users
GitLab can use a SAML Identity Provider to authenticate users
gitlab_rails['omniauth_enabled'] = true
# Accounts are created on first SAML login
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
# false: accounts created this way are active immediately, without admin approval
gitlab_rails['omniauth_block_auto_created_users'] = false
# true: a SAML login is linked to an existing GitLab user with the same email address
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_providers'] = [{
  name: "saml",
  label: "my-label",
  args: {
    assertion_consumer_service_url: "https://gitlab.seatN.inmylab.de/users/auth/saml/callback",
    # Fingerprint of the IdP signing certificate used to verify SAML responses
    idp_cert_fingerprint: "<FINGERPRINT>",
    idp_sso_target_url: "https://login.foo.com/bar",
    issuer: "MyIssuer",
    name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    attribute_statements: { name: ['name'], first_name: ['first_name'], last_name: ['last_name'], nickname: ['username'] }
  }
}]
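
The <FINGERPRINT> value pins the IdP signing certificate, so it should be derived from the certificate itself. The Ruby helper below is an added example, not part of the original material: it computes the fingerprint from a PEM certificate or from the bare base64 body carried in SAML metadata. The function names and the self-signed sample certificate are constructed for illustration; SHA-1 is the default because GitLab's SAML documentation describes idp_cert_fingerprint as a SHA1 fingerprint.

```ruby
require "openssl"

# Hypothetical helper: accepts a PEM certificate or the bare base64 body found
# in SAML metadata (<ds:X509Certificate>) and returns "AA:BB:..." over the DER.
def idp_cert_fingerprint(cert_text, digest: "SHA1")
  body = cert_text.gsub(/-----(BEGIN|END) CERTIFICATE-----/, "").gsub(/\s+/, "")
  raise ArgumentError, "empty certificate input" if body.empty?

  der  = body.unpack1("m0")                    # strict base64; raises ArgumentError
  cert = OpenSSL::X509::Certificate.new(der)   # raises unless it is valid X.509
  OpenSSL::Digest.new(digest).hexdigest(cert.to_der).upcase.scan(/../).join(":")
end

# Constructed sample: a throwaway self-signed certificate standing in for the
# IdP signing certificate (subject name is made up).
def sample_idp_cert
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse("/CN=idp.example.test")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

if __FILE__ == $PROGRAM_NAME
  pem = sample_idp_cert.to_pem
  # Paste the printed value into the args hash of the "saml" provider.
  puts "idp_cert_fingerprint: \"#{idp_cert_fingerprint(pem)}\""
end
```

Compare the result with the fingerprint the IdP administrator provides over a separate channel before placing it in gitlab.rb.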