Perforce Public Knowledge Base - Setting up LDAP authentication in Helix GitSwarm

Setting up LDAP authentication in Helix GitSwarm

Problem
How do you configure Helix GitSwarm 2015.2 to use an LDAP server for password authentication?
 
Solution
Note: In later versions of Helix GitSwarm, authentication should be possible via P4D or by using the following method.

Step 1 - Install OpenLDAP

If you do not already have LDAP installed, use the following instructions to set it up on an Ubuntu system:

Important note: Set up a group using the 'Generic: Posix Group' template so that you can add a Child Entry of template type 'Default' with type 'Account'.

The example LDAP tree used in this article is:
 

Step 2 - Test your credentials using 'ldapsearch'
 
$ ldapsearch -LL -v -h 1.2.3.4 -b "cn=users,dc=test,dc=com" -D "cn=admin,dc=test,dc=com" -w Password  "(uid=p4test1)" uid
ldap_initialize( ldap://1.2.3.4 )
filter: (uid=p4test1)
requesting: uid
version: 1

dn: cn=p4test1,cn=users,dc=test,dc=com
uid: p4test1

Where:
-h = LDAP server
-b = container for your users
-D = user that can search the LDAP directories
-w = password for the user that can search LDAP
"(uid=p4test1)" = search filter: the uid field and a known user in the LDAP server
uid = the attribute to return (the 'uid' field)

Step 3 - Edit /etc/gitswarm/gitswarm.rb

Uncomment and complete the fields in '/etc/gitswarm/gitswarm.rb' to match the above settings:
 
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'LDAP'
     host: '1.2.3.4'
     port: 389
     uid: 'uid'
     method: 'plain' # "tls" or "ssl" or "plain"
     bind_dn: 'CN=admin,DC=test,DC=com'
     password: 'Password'
     active_directory: false
     allow_username_or_email_login: true
     block_auto_created_users: false
     base: 'CN=users,DC=test,DC=com'
     user_filter: ''
EOS

The above settings work for an OpenLDAP directory that uses 'uid' to identify a user. Other directory providers such as Active Directory will use a different 'uid' field (usually 'sAMAccountName').
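
An added example, not part of the original article or of Perforce's tooling: a Ruby check to run over the 'ldap_servers' YAML before reconfiguring, which flags the security-relevant settings in the Step 3 sample. The helper name audit_ldap_servers, the port table and the admin-name heuristic are assumptions made for this example.

```ruby
require 'yaml'

# Constructed sample: values from Step 3 (keys the audit does not read are omitted).
SAMPLE = <<~'EOS'
  main:
    host: '1.2.3.4'
    port: 389
    uid: 'uid'
    method: 'plain'
    bind_dn: 'CN=admin,DC=test,DC=com'
    password: 'Password'
    block_auto_created_users: false
    base: 'CN=users,DC=test,DC=com'
    user_filter: ''
EOS

# Conventional ports: 389 for plain LDAP and StartTLS ('tls'), 636 for LDAPS ('ssl').
EXPECTED_PORT = { 'plain' => 389, 'tls' => 389, 'ssl' => 636 }.freeze

# Hypothetical helper: returns [provider_id, finding] pairs for one YAML document.
def audit_ldap_servers(yaml_text)
  findings = []
  YAML.safe_load(yaml_text).each do |id, s|
    method = s['method'].to_s
    if !EXPECTED_PORT.key?(method)
      findings << [id, "method #{method.inspect} is not tls, ssl or plain"]
    elsif method == 'plain'
      findings << [id, 'method plain: bind and user passwords cross the network in cleartext']
    elsif s['port'] != EXPECTED_PORT[method]
      findings << [id, "method #{method} on port #{s['port']}: default is #{EXPECTED_PORT[method]}, confirm"]
    end
    # Heuristic (assumption): a search account named like the directory administrator.
    if s['bind_dn'].to_s =~ /\Acn=(admin|administrator|manager)\b/i
      findings << [id, 'bind_dn looks like a directory admin; a read-only search account is enough']
    end
    # With no filter and no blocking, any account under base gets a working login.
    if s['user_filter'].to_s.strip.empty? && s['block_auto_created_users'] == false
      findings << [id, 'empty user_filter and unblocked auto-created users: every account under base can sign in']
    end
  end
  findings
end

audit_ldap_servers(SAMPLE).each { |id, msg| puts "[#{id}] #{msg}" } if $PROGRAM_NAME == __FILE__
```

Run against the Step 3 values, it reports three findings for 'main'. Switching method to 'tls' or 'ssl' (the other two values the config comment lists), binding with a dedicated search account and setting a user_filter clears them.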

Step 4 - Load config and restart server
 
gitswarm-ctl reconfigure
gitswarm-ctl restart

Step 5 - Test

On the Helix GitSwarm login page there should now be two tabs, 'LDAP' and 'Standard'. Use 'LDAP' to log in via the LDAP server.
 

If the password is incorrect or there is a mistake in the configuration, the following error is displayed:
 

If this is the first time this user has logged into Helix GitSwarm and no matching user or email address exists, you will need to complete the profile page for the user.
 
 