Assign custom role to ldap group sync members

Hinam Mehra requested to merge 435229-ldap-sync-custom-roles into master

What does this MR do and why?

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Before After
Screenshot_2024-06-13_at_7.22.37_PM Screenshot_2024-06-13_at_7.41.36_PM
Screenshot_2024-06-13_at_7.48.23_PM

How to set up and validate locally

  1. Enable LDAP by updating <gdk-directory>/gdk.yml. After updating it, run gdk reconfigure.
openldap:
  alt:
    host: 127.0.0.1
  enabled: true
  main:
    host: 127.0.0.1
  2. In <gdk-directory>/gitlab/config/gitlab.yml under production: and ldap:, change the following keys to the values given below. After updating it, run gdk restart.
  enabled: true
  servers:
    main:
      # ...
      host: 127.0.0.1
      port: 3890  # on macOS: 3891
      uid: 'uid'
      # ...
      base: 'dc=example,dc=com'
      group_base: 'ou=groups,dc=example,dc=com'  # Insert this
  3. Log in as admin. Make sure you have an Ultimate license enabled.
  4. Go to /admin/application_settings/roles_and_permissions and create a custom role.
  5. Navigate to any group that you are an owner of.
  6. Then go to Settings > LDAP synchronization. For LDAP group cn, select group1 and for LDAP access select the custom role you just created. Click on Add synchronization.
  7. Go to Manage > Members and click on Sync changes.
  8. Open an incognito window and, using the LDAP tab, log in as one of the test users.
  9. Go back to the members page, click on Sync changes again and you should see the LDAP user with the custom role assigned to them.

Related to #435229 (closed)

Edited by Hinam Mehra
