(Last Updated On: April 28, 2019)

In this guide, I’ll show you how to configure your GitLab server to authenticate users against a FreeIPA server. FreeIPA is an open source identity management system sponsored by Red Hat.

GitLab, on the other hand, is a fully-featured platform for accelerated software development. It provides features such as integrated CI/CD, Auto DevOps, Kubernetes integration, GitLab Container Registry, etc.

By leveraging FreeIPA’s advanced user management features, it becomes easy to manage user access to your GitLab server. You don’t have to create users manually on the GitLab server, which can be tedious for large companies.

Configure GitLab FreeIPA Authentication – Pre-requisites

The pre-requisites for this setup are:

  • Running GitLab Server
  • Running FreeIPA Server

If you’re interested in doing a fresh installation of FreeIPA or GitLab server, you can refer to our guides below:

How to Install FreeIPA Server on CentOS 7

How to Install FreeIPA Server on Ubuntu 18.04 and Ubuntu 16.04

For GitLab, we have the guides:

Install Gitlab CE on Ubuntu 18.04 / Debian 9

Install Gitlab CE on CentOS 7 / Fedora 29 / Fedora 28

The steps to set up GitLab FreeIPA authentication are as follows.

Step 1: Create LDAP Bind User on FreeIPA

We’ll need a user for binding to the FreeIPA server. Log in to your FreeIPA server and create a user called gitlab.

Navigate to Identity > Users > Add

Fill in the required details and click “Add”.

Step 2: Configure GitLab Server

If you don’t have a domain name for the FreeIPA server configured in DNS, add a line for it to the /etc/hosts file:

echo "192.168.3.10 ipa.example.com" | sudo tee -a /etc/hosts

Edit /etc/gitlab/gitlab.rb and enable LDAP:

gitlab_rails['ldap_enabled'] = true

Then specify the path to the file with the LDAP settings for FreeIPA:

gitlab_rails['ldap_servers'] = YAML.load_file('/etc/gitlab/freeipa_settings.yml')

Lastly, create the YAML file to hold the IPA connection settings:

sudo vim /etc/gitlab/freeipa_settings.yml

Configure like below:

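main:
  label: 'FreeIPA'
  host: 'ipa.example.com'
  port: 389
  uid: 'uid'
  method: 'tls'  # deprecated name for the 'encryption' setting; contradicts the value below
  bind_dn: 'uid=gitlab,cn=users,cn=accounts,dc=example,dc=com'
  password: 'gitlabuserpassword'
  encryption: 'plain'  # no TLS: the bind password and user logins cross the network unencrypted
  base: 'cn=accounts,dc=example,dc=com'
  verify_certificates: false  # the LDAP server's certificate is not checked when TLS is used
  attributes:
    username: ['uid']
    email: ['mail']
    name: 'displayName'
    first_name: 'givenName'
    last_name: 'sn'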

Substitute:

  • ipa.example.com with FreeIPA server hostname
  • All appearances of example and com with your FreeIPA server domain components.
  • gitlabuserpassword with your gitlab IPA user password.
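Before reconfiguring, it is worth checking how the settings file protects the LDAP connection. The script below is an added example, not part of the original guide or of GitLab: it audits a settings file for the transport options used above and compares them with a StartTLS variant. Both embedded samples are constructed, the function name is hypothetical, and the StartTLS variant assumes the GitLab host already trusts the FreeIPA CA.

```ruby
require 'yaml'

# Constructed sample: the transport-related settings shown in this guide.
GUIDE_SETTINGS = <<~YAML
  main:
    host: 'ipa.example.com'
    port: 389
    method: 'tls'
    encryption: 'plain'
    verify_certificates: false
    bind_dn: 'uid=gitlab,cn=users,cn=accounts,dc=example,dc=com'
    password: 'gitlabuserpassword'
YAML

# Constructed sample: the same server over StartTLS with certificate checks.
# Assumes the GitLab host trusts the CA that signed the FreeIPA certificate.
HARDENED_SETTINGS = <<~YAML
  main:
    host: 'ipa.example.com'
    port: 389
    encryption: 'start_tls'
    verify_certificates: true
    bind_dn: 'uid=gitlab,cn=users,cn=accounts,dc=example,dc=com'
    password: 'gitlabuserpassword'
YAML

# Returns { server_key => [finding, ...] } for transport-security problems.
# Any 'encryption' value other than start_tls/simple_tls is treated as unencrypted.
def audit_ldap_servers(yaml_text)
  YAML.safe_load(yaml_text).each_with_object({}) do |(key, srv), report|
    findings = []
    findings << :deprecated_method_key if srv.key?('method')
    findings << :no_tls unless %w[start_tls simple_tls].include?(srv['encryption'])
    findings << :certificate_not_verified if srv['verify_certificates'] == false
    findings << :simple_tls_on_port_389 if srv['encryption'] == 'simple_tls' && srv['port'] == 389
    report[key] = findings
  end
end

if __FILE__ == $PROGRAM_NAME
  { 'guide' => GUIDE_SETTINGS, 'hardened' => HARDENED_SETTINGS }.each do |name, text|
    audit_ldap_servers(text).each { |srv, f| puts "#{name}/#{srv}: #{f.empty? ? 'ok' : f.join(', ')}" }
  end
end
```

To check a real file, pass `File.read('/etc/gitlab/freeipa_settings.yml')` to `audit_ldap_servers`.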

Save the file, then reconfigure GitLab:

sudo gitlab-ctl reconfigure

Step 3: Log in to GitLab via FreeIPA

You can now log in to your GitLab server using user credentials from the FreeIPA server.

Hit “Sign in” to log in to your GitLab server with the provided username.

And boom, you’re in. Also check:

How to Secure GitLab server with SSL certificate

How to disable GitLab User registration on Login page