gitlab and gitolite can be integrated with Active Directory (or another LDAP server), but how it works is a bit roundabout.
- User logs in to gitlab web interface
- gitlab checks user’s credentials against Active Directory (via omniauth plugin) and allows log in
- User uploads SSH key via gitlab web interface
- gitlab writes key to gitolite keys dir?
- User attempts to access repo via SSH (e.g. `git clone git@host:repo.git`) - SSH key is sent
- gitolite checks keys dir and finds key
- gitolite checks repository permissions and decides to allow the operation
  - This could be because user is a member of an AD group which has been assigned perms in gitolite.conf
  - Script to pull group info from AD
- repo is cloned
Simples!
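A sketch of the "script to pull group info from AD" step, added here as an example and not taken from the original post. It assumes the group membership arrives as `ldapsearch`-style LDIF containing `memberOf` values, and that gitolite is set up to call a group-lookup program that prints space-separated group names (gitolite v3's `GROUPLIST_PGM` is one such hook; that the setup above uses it is an assumption). The function name and sample data are hypothetical.

```python
import base64
import re
import sys

# Constructed sample of LDIF output for one user (not real directory data).
_B64_DN = base64.b64encode(b"CN=ops-team,OU=Groups,DC=example,DC=com").decode()
SAMPLE_LDIF = f"""\
dn: CN=Jane Doe,OU=Staff,DC=example,DC=com
memberOf: CN=git-devs,OU=Groups,DC=example,DC=com
memberOf: CN=release-managers,OU=Groups,DC=exam
 ple,DC=com
memberOf:: {_B64_DN}
memberOf: CN=bad name;rm,OU=Groups,DC=example,DC=com
"""

# First RDN of a DN, allowing backslash-escaped characters inside the value.
FIRST_CN = re.compile(r"CN=((?:\\.|[^,\\])+)", re.IGNORECASE)
# Only names built from these characters are handed to gitolite.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*\Z")


def groups_from_ldif(ldif):
    """Return the sorted group names found in memberOf values of LDIF text."""
    # LDIF folds long lines: a continuation line starts with a single space.
    unfolded = re.sub(r"\r?\n ", "", ldif)
    groups = set()
    for line in unfolded.splitlines():
        attr, sep, value = line.partition(":")
        if not sep or attr.lower() != "memberof":
            continue
        if value.startswith(":"):  # "memberOf:: ..." marks a base64 value
            try:
                raw = base64.b64decode(value[1:].strip(), validate=True)
                value = raw.decode("utf-8")
            except ValueError:
                continue  # undecodable value: skip it rather than guess
        match = FIRST_CN.match(value.strip())
        # Names with spaces, shell or config metacharacters are dropped, so a
        # directory entry cannot smuggle unexpected text into the ACL check.
        if match and SAFE_NAME.match(match.group(1)):
            groups.add(match.group(1))
    return sorted(groups)


if __name__ == "__main__":
    # Assumed usage: pipe LDIF in on stdin; with no pipe, use the sample.
    text = SAMPLE_LDIF if sys.stdin.isatty() else sys.stdin.read()
    print(" ".join(groups_from_ldif(text)))
```

Groups whose names fail the character check are silently omitted, so membership in them grants nothing; log the dropped names if directory admins need to see them.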

openid
Aug 30, 2012, 0:01
This may sound a little bit noobish but… Let's say everything is up and running. A co-worker wants to log in to the gitlab web interface. Do I have to create the new co-workerUSER and that user is going to be checked against ldap or he just logs in (he is already in ldap) and everything should be working fine?
Best Regards, SirMonkey