Authentication workflow for gitlab, gitolite and AD

gitlab and gitolite can be integrated with Active Directory (or another LDAP server), but the way the two authentication paths fit together is a bit roundabout: AD is only ever consulted by the web interface, and SSH access is decided by gitolite alone.

  • User logs in to the gitlab web interface
  • gitlab checks the user’s credentials against Active Directory (via the omniauth LDAP plugin) and logs the user in
  • User uploads an SSH public key via the gitlab web interface
  • gitlab writes the key into gitolite’s keydir as <username>.pub (gitlab’s gitolite integration does this by committing the key to the gitolite-admin repository and pushing)
  • gitolite’s post-update hook regenerates ~/.ssh/authorized_keys from keydir; each key gets a forced command of the form command="gitolite-shell <username>" plus no-pty, no-port-forwarding and friends
  • User attempts to access a repo via SSH (e.g. git clone git@host:repo.git)
  • The SSH client offers the key and proves it holds the private half; sshd (not gitolite) looks the public key up in authorized_keys
  • The matching authorized_keys line runs the forced command, so the key is mapped to a gitolite user name rather than to a login shell
  • gitolite-shell checks the repository permissions in gitolite.conf for that user and repo and allows or refuses the operation
  • repo is cloned

Note that Active Directory only appears at the web login step. Once a key is in keydir, git over SSH works without AD ever being consulted, so disabling a user in AD does not on its own revoke their repository access; the key also has to be removed in gitlab (and hence from keydir).
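The SSH-side half of the flow above, as an added example in Ruby (the language gitlab is written in); this is not code from gitlab or gitolite. It builds authorized_keys entries from a keydir the way gitolite does, resolves an offered key to a user name through the forced command, and checks a small gitolite.conf fragment. The keys, the gitolite-shell path and the conf are constructed for the example.

```ruby
# Added example: models keydir -> authorized_keys -> forced command -> gitolite.conf.
# Not gitlab's or gitolite's own code; keys, paths and conf below are constructed.
GITOLITE_SHELL = "/home/git/bin/gitolite-shell" # assumed install path

# Constructed keydir, as gitlab would populate it: "user.pub" or "user@tag.pub"
# (gitolite strips the "@tag" part, so bob can have several keys).
KEYDIR = {
  "alice.pub"      => "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeAliceKey000000000000000000000000000 alice@desk",
  "bob.pub"        => "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeBobKey00000000000000000000000000000 bob@desk",
  "bob@laptop.pub" => "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeBobLaptopKey0000000000000000000000000 bob@laptop",
}

# Constructed gitolite.conf fragment.
CONF = <<~CONF
  @devs = alice bob

  repo gitolite-admin
      RW+ = admin

  repo project1
      RW+ = alice
      R   = @devs
CONF

# After gitlab pushes a key into keydir, gitolite regenerates authorized_keys.
# Every key is pinned to gitolite-shell with the user name baked in, and the
# no-* options stop the key being used for anything but that command.
def build_authorized_keys(keydir, shell = GITOLITE_SHELL)
  keydir.map do |file, pubkey|
    user = File.basename(file, ".pub").sub(/@.*/, "")
    type, blob = pubkey.split(" ", 3)
    %(command="#{shell} #{user}",no-port-forwarding,no-X11-forwarding,) +
      %(no-agent-forwarding,no-pty #{type} #{blob})
  end
end

# "SSH key is sent": this is sshd's job, not gitolite's. The key the client
# proves it holds selects one authorized_keys line, and the forced command on
# that line is what tells gitolite who the user is.
def user_for_key(authorized_keys, offered_pubkey)
  type, blob = offered_pubkey.split(" ", 3)
  authorized_keys.each do |entry|
    m = entry.match(/\Acommand="\S+ (\S+)".* #{Regexp.escape(type)} #{Regexp.escape(blob)}\z/)
    return m[1] if m
  end
  nil # sshd refuses the login; gitolite never runs
end

# Minimal parser for the subset of gitolite.conf used above (groups, repo, R/RW/RW+).
def parse_conf(text)
  groups  = {}
  repos   = Hash.new { |h, k| h[k] = [] }
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    if    line =~ /\A(@\w+)\s*=\s*(.+)\z/      then groups[$1] = $2.split
    elsif line =~ /\Arepo\s+(\S+)\z/           then current = $1
    elsif line =~ /\A(R|RW|RW\+)\s*=\s*(.+)\z/ && current
      repos[current] << [$1, $2.split]
    end
  end
  [groups, repos]
end

# "gitolite checks repository permissions": does `user` hold a rule granting
# `op` (:read or :write) on `repo`, directly or through a group?
def access?(conf, user, repo, op)
  groups, repos = conf
  enough = op == :read ? %w[R RW RW+] : %w[RW RW+]
  repos[repo].any? do |perm, members|
    enough.include?(perm) &&
      members.any? { |m| m == user || groups.fetch(m, []).include?(user) }
  end
end

# The whole SSH-side decision for one `git clone` / `git push`.
def authorize_git_over_ssh(authorized_keys, conf, offered_pubkey, repo, op)
  user = user_for_key(authorized_keys, offered_pubkey)
  return [:deny, "key not in authorized_keys"] if user.nil?
  access?(conf, user, repo, op) ? [:allow, user] : [:deny, user]
end

if __FILE__ == $PROGRAM_NAME
  ak   = build_authorized_keys(KEYDIR)
  conf = parse_conf(CONF)
  puts ak
  p authorize_git_over_ssh(ak, conf, KEYDIR["bob@laptop.pub"], "project1", :read)  # [:allow, "bob"]
  p authorize_git_over_ssh(ak, conf, KEYDIR["bob@laptop.pub"], "project1", :write) # [:deny, "bob"]
end
```

Two things the example makes visible that the list alone does not: the user name that gitolite authorises is whatever file name gitlab wrote into keydir, so gitlab is fully trusted for the key-to-user mapping; and a key that is absent from authorized_keys never reaches gitolite at all, which is why revoking access means removing the key, not just the AD account.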

Simples!