How do I authorize the connection between two containers, GitLab and FreeIPA (LDAP)?

Here is my problem. I have a FreeIPA LDAP (centos-8-stream-4.9.8) instance and a GitLab (16.0.2-ee.0) instance running locally in two separate containers.

These instances are started via docker-compose. They have no problems: both are reachable and run correctly.

I am trying to set up an SSO connection using LDAP between my GitLab instance and the FreeIPA server.

On my host machine, the following command works:

ldapsearch -x -H ldap://freeipa.packops.local -D "uid=admin,cn=users,cn=accounts,dc=packops,dc=local" -b "uid=user,cn=users,cn=accounts,dc=packops,dc=local" -w YOURPASSWORD

and returns this result:

# extended LDIF
#
# LDAPv3
# base <uid=user,cn=users,cn=accounts,dc=packops,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# user, users, accounts, packops.local
dn: uid=user,cn=users,cn=accounts,dc=packops,dc=local
givenName: user
sn: user
uid: user
cn: user user
displayName: user user
initials: uu
gecos: user user
krbPrincipalName: [email protected]
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
objectClass: ipantuserattrs
loginShell: /bin/sh
homeDirectory: /home/user
mail: [email protected]
krbCanonicalName: [email protected]
ipaUniqueID: cee7019e-0f37-11ee-94dc-0242ac120002
uidNumber: 1615800003
gidNumber: 1615800003
krbPasswordExpiration: 20230620065805Z
krbLastPwdChange: 20230620065805Z
krbExtraData:: AAL9TZFkcm9vdC9hZG1pbkBQQUNLT1BTLkxPQ0FMAA==
mepManagedEntry: cn=user,cn=groups,cn=accounts,dc=packops,dc=local
ipaNTSecurityIdentifier: S-1-5-21-1133753079-3484878407-2653100528-1003
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=packops,dc=local

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

However, when I connect to my GitLab container and run the same command, I get the following result:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Here is my gitlab.rb configuration:

###! **remember to close this block with 'EOS' below**
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'LDAP'
     host: 'freeipa.packops.local'
     port: 389
     uid: 'uid'
     bind_dn: 'uid=admin,cn=users,cn=accounts,dc=packops,dc=local'
     password: 'YOURPASSWORD'
     encryption: 'start_tls' # "start_tls" or "simple_tls" or "plain"
     active_directory: false
     allow_username_or_email_login: false
     base: 'cn=users,cn=accounts,dc=packops,dc=local'
     user_filter: ''
EOS

How can I authorize the connection between my FreeIPA container and my GitLab container?

If you have any suggestions for a solution, I would be happy to hear them.

If you have any other questions, feel free to ask me.
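The error `Can't contact LDAP server (-1)` is raised before any bind is attempted, so the first thing to establish is whether the GitLab container can resolve and reach `freeipa.packops.local:389` at all. The script below is an added example (editor's code, not the poster's or GitLab's): it reads the `ldap_servers` heredoc from the gitlab.rb block quoted above (abridged, embedded as a constructed sample) with a minimal parser for that flat layout, then repeats the two steps ldapsearch performs before binding, DNS resolution and a TCP connect, and reports which one fails. Run it inside the GitLab container against the real `/etc/gitlab/gitlab.rb` to separate a name-resolution problem from a port-reachability problem.

```python
import re
import socket
# Constructed sample: the ldap_servers heredoc from the question's gitlab.rb (abridged).
GITLAB_RB = """\
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     host: 'freeipa.packops.local'
     port: 389
     encryption: 'start_tls' # "start_tls" or "simple_tls" or "plain"
     base: 'cn=users,cn=accounts,dc=packops,dc=local'
     user_filter: ''
EOS
"""
def _coerce(v):  # YAML scalar -> str / int / bool (quoted strings lose their quotes)
    if v[:1] in ("'", '"'):
        return v[1:-1]
    return {"true": True, "false": False}.get(v, int(v) if v.isdigit() else v)

def parse_ldap_servers(rb_text):
    """{provider_id: {key: value}} from gitlab.rb's flat YAML block (no PyYAML needed)."""
    block = re.search(r"YAML\.load\s*<<-'EOS'\n(.*?)\nEOS\b", rb_text, re.S).group(1)
    servers, current = {}, None
    for raw in block.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).strip()  # drop trailing '# ...' comments
        if not line:
            continue
        key, _, value = line.partition(":")
        if value.strip() == "":                 # 'main:' opens a provider block
            current = key.strip()
            servers[current] = {}
        else:
            servers[current][key.strip()] = _coerce(value.strip())
    return servers

def check_reachability(server, timeout=3.0):
    """Resolve the host, then open TCP to the port: the steps ldapsearch does before bind."""
    host, port = server["host"], int(server["port"])
    diag = {"resolved": False, "addresses": [], "connected": False, "error": None}
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as e:
        diag["error"] = f"DNS: {e}"      # container cannot resolve the FreeIPA hostname
        return diag
    diag["resolved"], diag["addresses"] = True, sorted({i[4][0] for i in infos})
    try:
        with socket.create_connection((host, port), timeout=timeout):
            diag["connected"] = True
    except OSError as e:
        diag["error"] = f"TCP: {e}"      # name resolves, but port 389 is not reachable
    return diag
```

If `resolved` is False the hostname is unknown to the container's resolver; if it resolves but `connected` is False, check which addresses it resolved to and whether the containers share a network that exposes port 389.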