In this blog post I’m showing how to integrate GitLab Server with a Samba-based Active Directory. Note: The same setup and configuration should also work with a Windows-based Active Directory.
To “connect” from the Gitlab to AD, a System Account is required for the LDAP Binding (so-called LDAP bind account).
In addition I’m creating two AD groups, one for users and the other one for admins. The users in the user group should then have a “standard” access to GitLab. The users in the admin group should have “standard” access plus “administrative” access to manage the GitLab server settings.
The configuration file /etc/gitlab/gitlab.rb must be adjusted with the configuration settings for the Samba-AD (or Windows-AD) Server LDAP integration. The technical details of the LDAP integration are available in the documentation at GitLab General LDAP setup.
To activate the new configuration with LDAP, the GitLab server must be reconfigured. This can be accomplished by the following command:
To check the LDAP configuration the following command can be used:
The LDAP authentication should show a Success for a successful LDAP bind and the users which should have access should be listed as well.
If the reconfiguration and check was successful, the Web-UI of the GitLab Server then should show LDAP as login option.