Perforce Public Knowledge Base - Setting up LDAP authentication in Helix GitSwarm



Setting up LDAP authentication in Helix GitSwarm



How do you configure Helix GitSwarm 2015.2 to use an LDAP server for password authentication?
Note: In later versions of Helix GitSwarm, authentication should be possible via P4D or using the following method.

Step 1 - Install OpenLDAP

If you do not already have LDAP installed, use the following instructions to set it up on an Ubuntu system:
Important note: Set up a group using the 'Generic: Posix Group' template so that you can add a Child Entry of template type 'Default' with type 'Account'.

The example LDAP tree used in this article is:

Step 2 - Test your credentials using 'ldapsearch'
$ ldapsearch -LL -v -h -b "cn=users,dc=test,dc=com" -D "cn=admin,dc=test,dc=com" -w Password  "(uid=p4test1)" uid
ldap_initialize( ldap:// )
filter: (uid=p4test1)
requesting: uid
version: 1

dn: cn=p4test1,cn=users,dc=test,dc=com
uid: p4test1

-h = LDAP server
-b = container for your users
-D = user that can search the ldap directories
-w = Password for user that can search LDAP
"(uid=p4test1)" = the uid field and a known user in the LDAP server.
uid = The 'uid' field

Step 3 - Edit /etc/gitswarm/gitswarm.rb

Uncomment and complete the fields in '/etc/gitswarm/gitswarm.rb' to match the above settings:
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'LDAP'
     host: ''
     port: 389
     uid: 'uid'
     method: 'plain' # "tls" or "ssl" or "plain"
     bind_dn: 'CN=admin,DC=test,DC=com'
     password: 'Password'
     active_directory: false
     allow_username_or_email_login: true
     block_auto_created_users: false
     base: 'CN=users,DC=test,DC=com'
     user_filter: ''
EOS

The above settings work for an OpenLDAP directory that uses 'uid' to identify a user. Other directory providers, such as Active Directory, use a different 'uid' field (usually 'sAMAccountName').
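The Step 3 settings bind with method 'plain' on port 389, so the bind password and every user's password cross the network unencrypted. The following Ruby check is an added example, not part of the original article or of GitSwarm itself: it audits the 'main' server block and compares it with a hardened variant. The host value, the read-only bind DN and the admin-name heuristic are assumptions made for illustration.

```ruby
require 'yaml'

# Constructed sample: the 'main' block from Step 3. The host is a placeholder,
# because the article leaves it empty.
ARTICLE_CONFIG = <<~'EOS'
  main:
    label: 'LDAP'
    host: 'ldap.example.test'
    port: 389
    uid: 'uid'
    method: 'plain'
    bind_dn: 'CN=admin,DC=test,DC=com'
    password: 'Password'
    active_directory: false
    allow_username_or_email_login: true
    block_auto_created_users: false
    base: 'CN=users,DC=test,DC=com'
    user_filter: ''
EOS

# Overrides for a hardened variant. The bind DN is a hypothetical read-only account.
HARDENED_OVERRIDES = {
  'method' => 'tls',                  # StartTLS on 389 ('ssl' pairs with LDAPS on 636)
  'bind_dn' => 'CN=gitswarm-reader,CN=services,DC=test,DC=com',
  'password' => 'CHANGE-ME',          # placeholder, not a real secret
  'block_auto_created_users' => true  # new LDAP users wait for admin approval
}.freeze

def load_servers(yaml_text)
  YAML.safe_load(yaml_text)
end

# Returns a list of findings for one server entry of ldap_servers.
def audit_ldap_server(id, s)
  findings = []
  findings << "#{id}: method 'plain' sends bind and user passwords unencrypted" if s['method'] == 'plain'
  findings << "#{id}: port 636 is LDAPS and needs method 'ssl'" if s['port'] == 636 && s['method'] != 'ssl'
  # Heuristic name check (assumption): cn=admin is the directory administrator on a default OpenLDAP install.
  findings << "#{id}: bind_dn looks like a directory admin; use a read-only search account" if s['bind_dn'].to_s =~ /\Acn=(admin|manager|root)\b/i
  open_signup = s['user_filter'].to_s.empty? && s['block_auto_created_users'] == false
  findings << "#{id}: every entry under base can sign in and is auto-created" if open_signup
  findings
end

def hardened_server
  load_servers(ARTICLE_CONFIG)['main'].merge(HARDENED_OVERRIDES)
end

puts audit_ldap_server('main', load_servers(ARTICLE_CONFIG)['main'])
puts "hardened: #{audit_ldap_server('main', hardened_server).length} findings"
```

With 'tls' or 'ssl' enabled, the LDAP server needs a certificate that the GitSwarm host trusts, otherwise the bind fails at the TLS handshake.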

Step 4 - Load config and restart server
gitswarm-ctl reconfigure
gitswarm-ctl restart

Step 5 - Test

On the Helix GitSwarm login page there should now be two tabs, 'LDAP' and 'Standard'. Use 'LDAP' to log in via the LDAP server.

If the password is incorrect or there is a mistake in the configuration, the following error is displayed:

If this is the first time this user has logged into Helix GitSwarm and no matching user or email address exists, you will need to complete the profile page for the user.