In this guide, I’ll show you how to configure your GitLab server to authenticate users against a FreeIPA server. FreeIPA is an open source identity management system sponsored by Red Hat.

GitLab, on the other hand, is a fully-featured platform for accelerated software development. It provides features such as integrated CI/CD, Auto DevOps, Kubernetes integration, and the GitLab Container Registry.

By leveraging FreeIPA's advanced user management features, it becomes easy to manage user access to your GitLab server. You don’t have to create users manually on the GitLab server, which can be tedious for large companies.

Configure GitLab FreeIPA Authentication – Pre-requisites

The pre-requisites for this setup are:

  • Running GitLab Server
  • Running FreeIPA Server

If you’re interested in doing a fresh installation of FreeIPA or GitLab server, you can refer to our guides below:

How to Install FreeIPA Server on CentOS 7

How to Install FreeIPA Server on Ubuntu

For GitLab, we have the guides:

Install Gitlab CE on Ubuntu

Install Gitlab CE on CentOS 7 / Fedora

The steps to set up GitLab FreeIPA authentication are as follows.

Step 1: Create LDAP Bind User on FreeIPA

We’ll need a user for binding to the FreeIPA server. Log in to your FreeIPA server and create a user called gitlab.

Navigate to Identity > Users > Add


Fill in the required details and click “Add”.

Step 2: Configure GitLab Server

If the FreeIPA server's domain name is not configured in DNS, add a line for it to the /etc/hosts file on the GitLab server.

$ sudo vim /etc/hosts
192.168.3.10 ipa.example.com

Edit /etc/gitlab/gitlab.rb and enable LDAP:

gitlab_rails['ldap_enabled'] = true

Then specify the path to the file with the LDAP settings for FreeIPA:

gitlab_rails['ldap_servers'] = YAML.load_file('/etc/gitlab/freeipa_settings.yml')

Lastly, create the YAML file that holds the IPA connection settings:

sudo vim /etc/gitlab/freeipa_settings.yml

Configure like below:

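main:
  label: 'FreeIPA'
  host: 'ipa.example.com'
  port: 389
  uid: 'uid'
  # 'method' is the deprecated name for 'encryption'; its value here disagrees with 'encryption' below
  method: 'tls'
  bind_dn: 'uid=gitlab,cn=users,cn=accounts,dc=example,dc=com'
  password: 'gitlabuserpassword'
  # 'plain' sends the bind password and every user's login password unencrypted;
  # 'start_tls' is the encrypted option on port 389
  encryption: 'plain'
  base: 'cn=accounts,dc=example,dc=com'
  # false turns off checking of the FreeIPA server's certificate
  verify_certificates: false
  attributes:
    username: ['uid']
    email: ['mail']
    name: 'displayName'
    first_name: 'givenName'
    last_name: 'sn'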

Substitute:

  • ipa.example.com with your FreeIPA server hostname.
  • All appearances of example and com with your FreeIPA server domain components.
  • gitlabuserpassword with your gitlab IPA user password.

Save the file, then reconfigure GitLab:

sudo gitlab-ctl reconfigure
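
The settings file holds the bind password and decides whether logins cross the network encrypted, so it is worth auditing. The Ruby script below is an added example, not part of the original guide or of GitLab: audit_ldap_settings is a hypothetical helper, the embedded YAML is a constructed copy of this guide's settings, and it assumes 'method' is only consulted when 'encryption' is absent.

```ruby
require 'yaml'

# Constructed sample: the connection settings used in this guide.
GUIDE_YAML = <<~CONF
  main:
    host: 'ipa.example.com'
    port: 389
    method: 'tls'
    bind_dn: 'uid=gitlab,cn=users,cn=accounts,dc=example,dc=com'
    password: 'gitlabuserpassword'
    encryption: 'plain'
    verify_certificates: false
CONF

# Hypothetical helper: returns an array of "<server>: <finding>" strings.
# file_mode is the settings file's mode, e.g. File.stat(path).mode.
def audit_ldap_settings(servers, file_mode: nil)
  findings = []
  servers.each do |name, s|
    # Assumption: 'method' is the deprecated name for 'encryption' and is
    # only consulted when 'encryption' is absent.
    effective = (s['encryption'] || s['method'] || 'plain').to_s
    if s['method'] && s['encryption'] && s['method'] != s['encryption']
      findings << "#{name}: 'method' (#{s['method']}) conflicts with 'encryption' (#{s['encryption']})"
    end
    if effective == 'plain'
      findings << "#{name}: encryption is plain, bind and user passwords cross the network in cleartext"
    elsif s['verify_certificates'] == false
      findings << "#{name}: TLS without certificate verification, server identity is unchecked"
    end
    if s['password'] && file_mode && (file_mode & 0o077) != 0
      findings << "#{name}: bind password stored in a file readable by group or others"
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV.first
  if path && File.file?(path)
    puts audit_ldap_settings(YAML.load_file(path), file_mode: File.stat(path).mode)
  else
    # No file given: audit the constructed sample with a constructed 0644 mode.
    puts audit_ldap_settings(YAML.safe_load(GUIDE_YAML), file_mode: 0o100644)
  end
end
```

Run it with the path to /etc/gitlab/freeipa_settings.yml as the only argument; an empty result means none of the three checks fired.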

Step 3: Log in to GitLab via FreeIPA

You can now log in to your GitLab server using the credentials of a user on the FreeIPA server.


Hit “Sign in” to log in to your GitLab server with the provided username.


And boom, you’re in. Also check:

How to Secure GitLab server with SSL certificate

How to disable GitLab User registration on Login page
