Commit e59ae3e5 authored by Marin Jankovski's avatar Marin Jankovski

Change branch to 7-4-stable. Add multiple ldap servers support.

parent 8cee7b44
......@@ -74,7 +74,7 @@ if node['gitlab']['env'] == "development"
default['gitlab']['shell_revision'] = "master"
else
default['gitlab']['environments'] = %w{production}
default['gitlab']['revision'] = "7-3-stable" # Must be branch, otherwise GitLab update will run on each chef run
default['gitlab']['revision'] = "7-4-stable" # Must be branch, otherwise GitLab update will run on each chef run
default['gitlab']['url'] = "http://localhost:80/"
default['gitlab']['port'] = "80"
default['gitlab']['ssh_port'] = "22"
......@@ -117,6 +117,12 @@ default['gitlab']['ldap']['bind_dn'] = "_the_full_dn_of_the_user_you_will_bind_w
default['gitlab']['ldap']['password'] = "_the_password_of_the_bind_user"
default['gitlab']['ldap']['allow_username_or_email_login'] = true
# Supply hash of one or more LDAP servers, eg:
# { main => {"label"=>"ldap","host"=>"127.0.0.1","port":3890,"uid"=>"uid","method"=>"plain","base"=>"dc=example,dc=com","user_filter"=>"","group_base"=>"ou=groups,dc=example,dc=com","admin_group"=>"","sync_ssh_keys":false},
# secondary => {"label"=>"ldap","host"=>"127.0.0.1","port":3890,"uid"=>"uid","method"=>"plain","base"=>"dc=example,dc=com","user_filter"=>"","group_base"=>"ou=groups,dc=example,dc=com","admin_group"=>"","sync_ssh_keys":false}
# }
default['gitlab']['ldap_servers'] = {}
# LDAP Filter Example: Recursive query of group membership
# default['gitlab']['ldap']['user_filter'] = '(&(objectcategory=person)(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=Gitlab Users,OU=USA,DC=int,DC=contoso,DC=com))'
default['gitlab']['ldap']['user_filter'] = ''
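Review bot: The example in the comment above `default['gitlab']['ldap_servers'] = {}` is not usable as a Ruby attribute hash. `main` and `secondary` are bare identifiers, and `"port":3890` / `"sync_ssh_keys":false` mix JSON colons into hash-rocket syntax, which is a syntax error on older Rubies and produces symbol keys on newer ones. The sample also shows `"method"=>"plain"` and no `bind_dn`/`password`, although the template's server branch renders only what each hash contains; with `plain`, bind and user credentials would presumably cross the network unencrypted. I would quote the keys and show the protected variant, e.g. `# { "main" => {"label"=>"ldap", "host"=>"127.0.0.1", "port"=>636, "uid"=>"uid", "method"=>"ssl", "bind_dn"=>"...", "password"=>"...", "base"=>"dc=example,dc=com"} }`.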
......
......@@ -41,6 +41,7 @@ template File.join(gitlab['path'], 'config', 'gitlab.yml') do
:gravatar_plain_url => gitlab['gravatar_plain_url'],
:gravatar_ssl_url => gitlab['gravatar_ssl_url'],
:ldap_config => gitlab['ldap'],
:ldap_servers => gitlab['ldap_servers'],
:ssh_port => gitlab['ssh_port'],
:backup => gitlab['backup'],
})
......
......@@ -15,7 +15,7 @@ describe "gitlab::clone" do
it "clones the gitlab repository" do
expect(chef_run).to sync_git('/home/git/gitlab').with(
repository: 'https://github.com/gitlabhq/gitlabhq.git',
revision: '7-3-stable',
revision: '7-4-stable',
user: 'git',
group: 'git'
)
......@@ -49,7 +49,7 @@ describe "gitlab::clone" do
it "clones the gitlab repository" do
expect(chef_run).to sync_git('/data/git/gitlab').with(
repository: 'https://github.com/gitlabhq/gitlabhq.git',
revision: '7-3-stable',
revision: '7-4-stable',
user: 'git',
group: 'git'
)
......@@ -69,7 +69,7 @@ describe "gitlab::clone" do
it "clones the gitlab repository" do
expect(chef_run).to sync_git('/home/git/gitlab').with(
repository: 'https://github.com/gitlabhq/gitlabhq.git',
revision: '7-3-stable',
revision: '7-4-stable',
user: 'git',
group: 'git'
)
......@@ -103,7 +103,7 @@ describe "gitlab::clone" do
it "clones the gitlab repository" do
expect(chef_run).to sync_git('/data/git/gitlab').with(
repository: 'https://github.com/gitlabhq/gitlabhq.git',
revision: '7-3-stable',
revision: '7-4-stable',
user: 'git',
group: 'git'
)
......
......@@ -132,63 +132,69 @@ production: &base
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
ldap:
enabled: <%= @ldap_config["enabled"] %>
host: '<%= @ldap_config["host"] %>'
port: <%= @ldap_config["port"] %>
uid: '<%= @ldap_config["uid"] %>'
method: '<%= @ldap_config["method"] %>' # "ssl" or "plain"
bind_dn: '<%= @ldap_config["bind_dn"] %>'
password: '<%= @ldap_config["password"] %>'
# This setting controls the amount of time between LDAP permission checks for each user.
# After this time has expired for a given user, their next interaction with GitLab (a click in the web UI, a git pull etc.) will be slower because the LDAP permission check is being performed.
# How much slower depends on your LDAP setup, but it is not uncommon for this check to add seconds of waiting time.
# The default value is to have a 'slow click' once every 3600 seconds, i.e. once per hour.
#
# Warning: if you set this value too low, every click in GitLab will be a 'slow click' for all of your LDAP users.
sync_time: <%= @ldap_config["sync_time"] %>
# If allow_username_or_email_login is enabled, GitLab will ignore everything
# after the first '@' in the LDAP username submitted by the user on login.
#
# Example:
# - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
# - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
#
# If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
# disable this setting, because the userPrincipalName contains an '@'.
allow_username_or_email_login: <%= @ldap_config["allow_username_or_email_login"] %>
# Base where we can search for users
#
# Ex. ou=People,dc=gitlab,dc=example
#
base: '<%= @ldap_config["base"] %>'
# Filter LDAP users
#
# Format: RFC 4515
# Ex. (employeeType=developer)
#
user_filter: '<%= @ldap_config["user_filter"] %>'
# Base where we can search for groups
#
# Ex. ou=Groups,dc=gitlab,dc=example
#
group_base: <%= @ldap_config['group_base'] %>
# LDAP group of users who should be admins in GitLab
#
# Ex. GLAdmins
#
admin_group: <%= @ldap_config['admin_group'] %>
# Name of attribute which holds a ssh public key of the user object.
# If false or nil, SSH key syncronisation will be disabled.
#
# Ex. sshpublickey
#
sync_ssh_keys: <%= @ldap_config['sync_ssh_keys'] %>
<% if @ldap_servers.any? %>
<% @ldap_servers.each do |provider_id, settings| %>
<%= provider_id %>: <%= settings.to_json %>
<% end %>
<% else %>
host: '<%= @ldap_config["host"] %>'
port: <%= @ldap_config["port"] %>
uid: '<%= @ldap_config["uid"] %>'
method: '<%= @ldap_config["method"] %>' # "ssl" or "plain"
bind_dn: '<%= @ldap_config["bind_dn"] %>'
password: '<%= @ldap_config["password"] %>'
# This setting controls the amount of time between LDAP permission checks for each user.
# After this time has expired for a given user, their next interaction with GitLab (a click in the web UI, a git pull etc.) will be slower because the LDAP permission check is being performed.
# How much slower depends on your LDAP setup, but it is not uncommon for this check to add seconds of waiting time.
# The default value is to have a 'slow click' once every 3600 seconds, i.e. once per hour.
#
# Warning: if you set this value too low, every click in GitLab will be a 'slow click' for all of your LDAP users.
sync_time: <%= @ldap_config["sync_time"] %>
# If allow_username_or_email_login is enabled, GitLab will ignore everything
# after the first '@' in the LDAP username submitted by the user on login.
#
# Example:
# - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
# - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
#
# If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
# disable this setting, because the userPrincipalName contains an '@'.
allow_username_or_email_login: <%= @ldap_config["allow_username_or_email_login"] %>
# Base where we can search for users
#
# Ex. ou=People,dc=gitlab,dc=example
#
base: '<%= @ldap_config["base"] %>'
# Filter LDAP users
#
# Format: RFC 4515
# Ex. (employeeType=developer)
#
user_filter: '<%= @ldap_config["user_filter"] %>'
# Base where we can search for groups
#
# Ex. ou=Groups,dc=gitlab,dc=example
#
group_base: <%= @ldap_config['group_base'] %>
# LDAP group of users who should be admins in GitLab
#
# Ex. GLAdmins
#
admin_group: <%= @ldap_config['admin_group'] %>
# Name of attribute which holds a ssh public key of the user object.
# If false or nil, SSH key syncronisation will be disabled.
#
# Ex. sshpublickey
#
sync_ssh_keys: <%= @ldap_config['sync_ssh_keys'] %>
<% end %>
## OmniAuth settings
omniauth:
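Review bot: The two LDAP branches escape their values differently. The new `@ldap_servers` loop serialises each server with `settings.to_json`, but the legacy branch under `else` still interpolates `bind_dn`, `password`, `base` and `user_filter` raw between single quotes, so a bind password or filter containing `'` yields invalid YAML or a different structure than intended. Rendering those scalars the same way, e.g. `password: <%= @ldap_config["password"].to_json %>`, keeps the file well-formed for any value, and the loop's key could likewise be emitted as `<%= provider_id.to_s.to_json %>:`. No `servers:` key is visible above the loop and indentation is not recoverable from this page, so it is worth confirming that 7-4-stable reads provider entries at the level where they are rendered. The template continues outside the hunk.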
......