Assign custom role to ldap group sync members
What does this MR do and why?
- Allows LDAP group sync users to be assigned to a custom role
- Resolves #435229 (closed)
- Follows up from !155676 (merged)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Enable LDAP by updating `<gdk-directory>/gdk.yml`. After updating it, run `gdk reconfigure`.

  ```yaml
  openldap:
    alt:
      host: 127.0.0.1
    enabled: true
    main:
      host: 127.0.0.1
  ```

- In `<gdk-directory>/gitlab/config/gitlab.yml`, under `production:` and `ldap:`, change the following keys to the values given below. After updating it, run `gdk restart`.

  ```yaml
  enabled: true
  servers:
    main:
      # ...
      host: 127.0.0.1
      port: 3890 # on macOS: 3891
      uid: 'uid'
      # ...
      base: 'dc=example,dc=com'
      group_base: 'ou=groups,dc=example,dc=com' # Insert this
  ```

- Log in as admin. Make sure you have an Ultimate license enabled.
- Go to `/admin/application_settings/roles_and_permissions` and create a custom role.
- Navigate to any group that you are an owner of.
- Then go to **Settings > LDAP synchronization**. For **LDAP group cn**, select `group1`, and for **LDAP access** select the custom role you just created. Click on **Add synchronization**.
- Go to **Manage > Members** and click on **Sync changes**.
- Open an incognito window and, using the **LDAP** tab, log in as one of the test users.
- Go back to the members page, click on **Sync changes** again and you should see the LDAP user with the custom role assigned to them.
Related to #435229 (closed)
Edited by Hinam Mehra
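
The last validation step can also be checked as an access review: compare who is in the LDAP group with who holds the custom role after the sync. This is an added example, not code from this MR; the LDIF layout, the `username` and `member_role` field names, the uid-to-username mapping, and role id `7` are assumptions, and both samples are constructed.

```python
import json

# Constructed sample: LDIF for the synced group. The groupOfNames layout with
# member DNs is an assumption about the test directory.
SAMPLE_LDIF = """\
dn: cn=group1,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: group1
member: uid=alice,ou=people,dc=example,dc=com
member: uid=bob,ou=people,
 dc=example,dc=com
"""

# Constructed sample: group members as JSON. The username and member_role
# fields are assumed to match what the instance returns for group members.
SAMPLE_MEMBERS = json.dumps([
    {"username": "root", "access_level": 50, "member_role": None},
    {"username": "alice", "access_level": 10, "member_role": {"id": 7}},
    {"username": "carol", "access_level": 10, "member_role": {"id": 7}},
])

def ldap_member_uids(ldif):
    """Return the uid of every member DN, honouring LDIF line folding."""
    unfolded = []
    for line in ldif.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]  # continuation of the previous line
        else:
            unfolded.append(line)
    uids = set()
    for line in unfolded:
        attr, _, value = line.partition(":")
        rdn_key, _, uid = value.strip().split(",", 1)[0].partition("=")
        if attr.lower() == "member" and rdn_key.lower() == "uid":
            uids.add(uid.lower())
    return uids

def review_sync(ldif, members_json, role_id):
    """Compare LDAP group membership with who holds the custom role."""
    in_ldap = ldap_member_uids(ldif)
    holders = {m["username"].lower() for m in json.loads(members_json)
               if (m.get("member_role") or {}).get("id") == role_id}
    return {
        "synced": sorted(in_ldap & holders),
        "role_without_ldap_membership": sorted(holders - in_ldap),
        "ldap_member_without_role": sorted(in_ldap - holders),
    }

if __name__ == "__main__":
    print(review_sync(SAMPLE_LDIF, SAMPLE_MEMBERS, role_id=7))
```

In the sample, `bob` is in the LDAP group but has not logged in yet, which matches the step above where the test user signs in before the second sync; `carol` holds the role without LDAP group membership and is the entry to investigate.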