--On Sunday, May 07, 2017 5:49 PM +0200 Xaar xaar@linux.pl wrote:
Hello,
I want to authenticate users via OpenLDAP to Gitlab. In Gitlab configuration there is a gitlab.rb file, where I can write some special user (let it be gitlabuser) with credentials who will be bind to ldap server. Now my question is, what acl should I provide to this user on OpenLDAP server to allow other users authenticate to Gitlab ?
Now my DIT looks like this:
dc=company,dc=com | |
- cn=admin
- cn=gitlabuser
| |
- ou=Groups
- ou=Users -> here are users which I want to give access to Gitlab
Is this entry is fair enough ?
dn: olcDatabase={1}hdb,cn=config changetype: modify replace: olcAccess olcAccess: {0} to attrs=userPassword by anonymous auth by dn=„cn=admin,dc=company,dc=com" write by * none olcAccess: {1} to dn.base=„" by * read olcAccess: {2} to * by * read
It would allow anyone (anonymous or authenticated) to read all your entries, minus the userPassword attribute. Depending on your security requirements, this may or may not be desirable.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org