Authentication workflow for gitlab, gitolite and AD
gitlab and gitolite can be integrated with Active Directory (or another LDAP server), but how it works is a bit roundabout.
- User logs in to gitlab web interface
- gitlab checks user's credentials against Active Directory (via omniauth plugin) and allows log in
- User uploads SSH key via gitlab web interface
- gitlab writes key to gitolite keys dir?
- User attempts to access repo via SSH (e.g. git clone git@host:repo.git) - SSH key is sent
- gitolite checks keys dir and finds key
- gitolite checks repository permissions and decides to allow the operation
  - This could be because user is a member of an AD group which has been assigned perms in gitolite.conf
  - Script to pull group info from AD
- repo is cloned
Simples!
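Added example (not from the original note) of the "script to pull group info from AD" step: gitolite v3 can call an external program, configured as GROUPLIST_PGM in .gitolite.rc, with a username and read that user's group names from its stdout, so the groups can be used in gitolite.conf rules. It assumes the key name gitlab writes into the keys dir matches the user's AD account name; the directory contents here are constructed sample data, and a real deployment would replace sample_lookup with an LDAP query for the user's memberOf attribute.

```python
import re
import sys

# Constructed sample of what an AD lookup of a user's memberOf attribute returns (not real data).
SAMPLE_DIRECTORY = {
    "alice": [
        "CN=Dev Team,OU=Groups,DC=example,DC=com",
        "CN=Ops-Admins,OU=Groups,DC=example,DC=com",
    ],
    "bob": ["CN=Dev Team,OU=Groups,DC=example,DC=com"],
}

# Characters gitolite does not accept in a group name are replaced with '_'.
UNSAFE_RE = re.compile(r"[^A-Za-z0-9_.-]")


def group_name_from_dn(dn):
    """Take the CN of a group DN and normalise it to a gitolite-safe group name, or None."""
    first = dn.split(",", 1)[0]
    if not first.upper().startswith("CN="):
        return None
    cn = first[3:].strip()
    name = UNSAFE_RE.sub("_", cn).strip("_")
    return name or None


def gitolite_groups(user, lookup):
    """Return the de-duplicated gitolite group names for `user`.

    `lookup(user)` must return the list of memberOf DNs for that account (hypothetical
    callable; sample_lookup below stands in for a real LDAP search)."""
    names = []
    for dn in lookup(user) or []:
        name = group_name_from_dn(dn)
        if name and name not in names:
            names.append(name)
    return names


def sample_lookup(user):
    """Offline stand-in for the AD query: unknown users simply have no groups."""
    return SAMPLE_DIRECTORY.get(user.lower(), [])


if __name__ == "__main__":
    # gitolite passes the username as argv[1] and expects space-separated group names on stdout.
    # A user with no groups (or an unknown user) gets an empty line, so no rule matches them.
    user = sys.argv[1] if len(sys.argv) > 1 else ""
    print(" ".join(gitolite_groups(user, sample_lookup)))
```

With "alice" this prints "Dev_Team Ops-Admins", so a gitolite.conf rule such as `RW+ = @Dev_Team` applies to her while an account with no matching AD group is denied.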