From: John Crygier Date: Tue, 10 Apr 2012 18:50:51 +0000 (-0500) Subject: Documentation for LDAP. Covers the setup case that is in the JUnit Integration Test. X-Git-Tag: v1.0.0~72^2~3 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=073b11b1e33c2c52a0796b75920b588c937eb6e9;p=gitblit.git Documentation for LDAP. Covers the setup case that is in the JUnit Integration Test. --- diff --git a/docs/01_setup.mkd b/docs/01_setup.mkd index 75b51419..a7b4cdaa 100644 --- a/docs/01_setup.mkd +++ b/docs/01_setup.mkd @@ -447,4 +447,63 @@ Nothing special to configure, EGit figures out everything.
https://yourserver/git/your/repository
- **Command-line Git** My testing indicates that your username must be embedded in the url. YMMV. -
https://username@yourserver/git/your/repository
\ No newline at end of file +
https://username@yourserver/git/your/repository
+ +## LDAP Support +*SINCE 1.0.0* + +LDAP can be used with Gitblit to read Users and the Teams that they belong to. If configured, LDAP will be queried upon every login to the system, and synchronize that information with the traditional Gitblit backed file (.conf or .properties). This "lazy" reading approach provides for fast reaction times, but will force a user to log in before you can maintain them (or their teams). + +### Example Diagram (with attributes) +![block diagram](ldapSample.png "LDAP Sample") + +Please see /tests/com/gitblit/tests/resources/ldapUserServiceSampleData.ldif to see the data in LDAP that reflects the above picture. + +### GitBlit Properties (See gitblit.properties for full description) +The following is are descriptions of the properties that would follow the sample layout of an LDAP (or Active Directory) setup above. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
realm.ldap.serverldap://localhost:389Tells Gitblit to connect to the LDAP server on localhost, port 389. URL Must be of form ldap(s)://: with port being optional (389 for ldap, 636 for ldaps).
realm.ldap.usernamecn=Directory ManagerThe credentials that will log into this gitblit server
realm.ldap.passwordpasswordThe credentials that will log into this gitblit server
realm.ldap.backingUserServiceusers.confWhere to store all information that is used by Gitblit. All information will be synced here upon user login.
realm.ldap.maintainTeamstrueAre users maintained in LDAP (true), or manually in Gitblit (false).
realm.ldap.accountBaseOU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomainWhat is the root node for all users in this LDAP system. Searches will be subtree searches starting from this node.
realm.ldap.accountPattern(&(objectClass=person)(sAMAccountName=${username}))The LDAP Search filter that will match a particular user in LDAP. ${username} will be replaced with whatever the user types in as their user name.
realm.ldap.groupBaseOU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomainWhat is the root node for all teams in this LDAP system. Searches will be subtree searches starting from this node.
realm.ldap.groupMemberPattern(&(objectClass=group)(member=${dn}))The LDAP Search filter that will match all teams for the logging in user in LDAP. ${username} will be replaced with whatever the user types in as their user name. Anything else in ${} will be replaced by Attributes on the User node.
realm.ldap.admins@Git_AdminsA space delimited list of users and teams (if starting with @) that indicate admin status in Gitblit.
+ +You may notice that there are no properties to find the password on the User record. This is intentional, and the service utilizes the LDAP login process to verify that the user credentials are correct. + +You can also start Gitblit GO with an in-memory (backed by an LDIF file) LDAP server by using the --ldapLdifFile property. It will always start at ldap://localhost:389, so be sure to set that in gitblit.settings. It reads the user / password in gitblit.settings to create the root user login. + +Finally, writing back to LDAP is not implemented at this time, so do not worry about corrupting your corporate LDAP. Many orgnizations are likely to go through a different flow to update their LDAP, so it's unlikely that this will become a feature. \ No newline at end of file diff --git a/docs/ldapSample.png b/docs/ldapSample.png new file mode 100644 index 00000000..fd8c999a Binary files /dev/null and b/docs/ldapSample.png differ
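Review bot: in the property table, the realm.ldap.groupMemberPattern description repeats the accountPattern wording and does not match its own filter: the pattern is `(&(objectClass=group)(member=${dn}))`, so the row should say that `${dn}` is replaced with the distinguished name of the user record located by accountPattern (and any other `${...}` token with an attribute of that record), not that `${username}` is substituted. In the same table the realm.ldap.maintainTeams description reads "Are users maintained in LDAP (true), or manually in Gitblit (false)" although the property governs teams, and the realm.ldap.server row renders as "ldap(s)://:" with the host and port placeholder between `://` and `:` lost (angle brackets in the .mkd source are swallowed as an HTML tag), so spell it out as `ldap(s)://host:port`. Since `${username}` is, per the accountPattern row, "whatever the user types in as their user name" and is placed inside an LDAP search filter, that row should state whether the value is escaped per RFC 4515 (`*`, `(`, `)`, `\` and NUL) before substitution; as written, a reader cannot tell whether a crafted login name can change the filter. The sample bind identity `cn=Directory Manager` with password `password` should be marked as the test fixture it is, with a sentence noting that the bind password is stored in clear text in gitblit.properties and that a read-only, least-privilege bind account over `ldaps://` is the expected production setup. Minor wording: "The following is are descriptions", "orgnizations", "--ldapLdifFile property" (it is a command-line argument), and the two mentions of "gitblit.settings" in the closing paragraphs where the rest of the page says gitblit.properties.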