Git and Active Directory / LDAP authentication
Thu, Apr 26, 2012
GitStack supports user authentication against Active Directory and any LDAP-compliant external system. Active Directory is used as the example in this tutorial.
GitStack provides two main features:
- Synchronization with Active Directory users in GitStack
- Authentication with Active Directory from your Git client (on clone and push)
We will go through the configuration of your Git server with Active Directory.
1. Follow the Getting Started tutorial
Follow the Getting Started tutorial and stop before the “Add new user” step.
2. Create a user account for GitStack
On Active Directory, create a new user as usual with the username “gitstack”. Enter a password and uncheck “User must change password at next logon”.
This user will be used to retrieve the list of Active Directory users.
3. Configure GitStack to authenticate with Active Directory
On GitStack, click on “Settings”, “Authentication” then on the “Ldap users” radio button. Fill in the parameters. In our example we have:
protocol : ldap
host : 192.168.1.54
Base dn : CN=Users,DC=contoso,DC=com (Where our future users of GitStack are located)
Attribute : sAMAccountName (Field matching the Active Directory user's username)
Scope : sub (“one” will search only on the current level, “sub” will search also on the lower levels)
Filter : (objectClass=person) (the type of objects you are searching for)
Bind DN : CN=gitstack,CN=Users,DC=contoso,DC=com (the distinguished name of our gitstack user)
Bind password : *****
Test your settings by clicking on the “Test ldap settings” button. A green “Ldap server successfully contacted” should appear at the top of the page.
Save your settings by clicking on the “Save” button.
Click on “Sync saved settings with ldap”. Your Active Directory users in the Base dn will be imported into GitStack.
4. Add an Active Directory user to a git repository
Click on “Repositories”, then on the “Permissions” icon, and click on the “Add user” button.
5. Clone and push from your Git client
Your git repository is now correctly configured. You can now clone, commit and push from your git client using the user’s ldap credentials.
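Before running “Sync saved settings with ldap” in step 3, it is worth checking what the example Base dn, Scope and Filter actually return: (objectClass=person) also matches entries that have no sAMAccountName (Active Directory contact objects, for instance) and accounts that are disabled. The following Python is an added example, not GitStack code; it reads LDIF text such as `ldapsearch` prints, and the sample entries and the `parse_ldif` and `audit` helpers are constructed for illustration.

```python
import re

ATTRIBUTE = "sAMAccountName"   # the "Attribute" setting from the tutorial
ACCOUNTDISABLE = 0x2           # userAccountControl bit set on disabled accounts

# Constructed LDIF (invented entries, trimmed), shaped like a search with base
# CN=Users,DC=contoso,DC=com, scope sub and filter (objectClass=person).
SAMPLE_LDIF = """\
dn: CN=Alice Martin,CN=Users,DC=contoso,DC=com
objectClass: user
sAMAccountName: amartin
userAccountControl: 512

dn: CN=Old Intern,CN=Users,DC=contoso,DC=com
objectClass: user
sAMAccountName: ointern
userAccountControl: 514

dn: CN=Vendor Contact,CN=Users,DC=contoso,DC=com
objectClass: contact
mail: vendor@example.com
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        unfolded = re.sub(r"\n ", "", block)   # continuation lines start with a space
        for line in unfolded.splitlines():
            m = re.match(r"([A-Za-z][\w;-]*): (.*)", line)
            if m:   # comments and base64 ("name:: ...") lines do not match and are skipped
                entry.setdefault(m.group(1), []).append(m.group(2))
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(entries, attribute=ATTRIBUTE):
    """Split entries into usable usernames, entries lacking the attribute, and disabled accounts."""
    report = {"import": [], "missing_attribute": [], "disabled": []}
    for e in entries:
        if attribute not in e:
            report["missing_attribute"].append(e["dn"][0])
        elif int(e.get("userAccountControl", ["0"])[0]) & ACCOUNTDISABLE:
            report["disabled"].append(e[attribute][0])
        else:
            report["import"].append(e[attribute][0])
    return report
```

If the report lists entries under `missing_attribute` or `disabled`, a narrower Filter or Base dn keeps them out of the set of users the search returns.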
I am having trouble getting gitstack to connect to my ldap server. I am pretty sure my settings are correct as I use them to connect with other applications and tools. Are there any log files where I could see what is going on other than the “Can’t contact LDAP server” error message when “Test ldap settings” button?
Hi Jason, could you please ask your question in the Q&A section?
Thank you
Contacted the ldap server just fine, but then Sync Saved Settings gave an extremely long error message, starting with “Exception at /rest/settings/authentication/ldap/sync/ ‘sAMAccountName’ Request Method: GET Request URL: http://marilyn:8280/rest/settings/authentication/ldap/sync/?_=1355266944615…