Skip to content

GitLab

lemonldap-ng
lemonldap-ng
Commit 8af30099 authored by Xavier Guimard's avatar Xavier Guimard
Browse files
Options

Update doc

parent d95e0d02
Pipeline #910 passed with stage
    in 2 minutes and 21 seconds
    Expand all Hide whitespace changes
    Inline Side-by-side
    Showing with 2248 additions and 997 deletions
    doc/pages/documentation/current/activedirectoryminihowto.html
    View file @ 8af30099
    ......@@ -36,9 +36,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    </head>
    <body>
    ......
    doc/pages/documentation/current/applications/adfs.html
    View file @ 8af30099
    ......@@ -36,9 +36,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    </head>
    <body>
    ......
    doc/pages/documentation/current/applications/alfresco.html
    View file @ 8af30099
    ......@@ -36,9 +36,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    </head>
    <body>
    ......
    doc/pages/documentation/current/applications/authbasic.html
    View file @ 8af30099
    ......@@ -36,9 +36,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    </head>
    <body>
    ......
    doc/pages/documentation/current/applications/aws.html
    View file @ 8af30099
    ......@@ -36,9 +36,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    </head>
    <body>
    ......
    doc/pages/documentation/current/applications/bugzilla.html
    View file @ 8af30099
    ......@@ -36,9 +36,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    </head>
    <body>
    ......
    doc/pages/documentation/current/applications/bugzilla_logo.png_documentation_2.0_applications_bugzilla.html
    View file @ 8af30099
    ......@@ -52,9 +52,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    <script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
    ......
    doc/pages/documentation/current/applications/cornerstone.html
    View file @ 8af30099
    ......@@ -36,9 +36,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    </head>
    <body>
    ......
    doc/pages/documentation/current/applications/csod_logo.png_documentation_2.0_applications_cornerstone.html
    View file @ 8af30099
    ......@@ -52,9 +52,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    <script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
    ......
    doc/pages/documentation/current/applications/django.html
    View file @ 8af30099
    ......@@ -36,9 +36,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    </head>
    <body>
    ......
    doc/pages/documentation/current/applications/dokuwiki.html
    View file @ 8af30099
    ......@@ -36,9 +36,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    </head>
    <body>
    ......
    doc/pages/documentation/current/applications/dokuwiki_logo.png_documentation_2.0_applications_dokuwiki.html
    View file @ 8af30099
    ......@@ -52,9 +52,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    <script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
    ......
    doc/pages/documentation/current/applications/drupal.html
    View file @ 8af30099
    ......@@ -36,9 +36,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    </head>
    <body>
    ......
    doc/pages/documentation/current/applications/drupal_logo.png_documentation_2.0_applications_drupal.html
    View file @ 8af30099
    ......@@ -52,9 +52,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    <script type="text/javascript" src="/javascript/bootstrap/js/bootstrap.min.js"></script>
    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
    ......
    doc/pages/documentation/current/applications/fusiondirectory.html
    View file @ 8af30099
    ......@@ -36,9 +36,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    </head>
    <body>
    ......
    doc/pages/documentation/current/applications/gitlab.html 0 → 100644
    View file @ 8af30099
    <!DOCTYPE html>
    <html lang="en" dir="ltr">
    <head>
    <meta charset="utf-8" />
    <title>documentation:2.0:applications:gitlab</title>
    <meta name="generator" content="DokuWiki"/>
    <meta name="robots" content="noindex,nofollow"/>
    <meta name="keywords" content="documentation,2.0,applications,gitlab"/>
    <link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
    <link rel="start" href="gitlab.html"/>
    <link rel="contents" href="gitlab.html" title="Sitemap"/>
    <link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
    <!-- //if:usedebianlibs
    <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
    //elsif:useexternallibs
    <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
    //elsif:cssminified
    <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
    //else -->
    <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
    <!-- //endif -->
    <script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:gitlab","namespace":"documentation:2.0:applications"};
    /*!]]>*/</script>
    <script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
    <!-- //if:usedebianlibs
    <script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
    //else -->
    <script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
    <!-- //endif -->
    <!-- //if:usedebianlibs
    <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    </head>
    <body>
    <div class="dokuwiki export container">
    <!-- TOC START -->
    <div id="dw__toc">
    <h3 class="toggle">Table of Contents</h3>
    <div>
    <ul class="toc">
    <li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
    <li class="level1"><div class="li"><a href="#saml">SAML</a></div>
    <ul class="toc">
    <li class="level2"><div class="li"><a href="#gitlab_configuration">Gitlab configuration</a></div></li>
    <li class="level2"><div class="li"><a href="#llng_configuration">LL::NG configuration</a></div></li>
    <li class="level2"><div class="li"><a href="#manage_groups">Manage groups</a></div></li>
    </ul></li>
    </ul>
    </div>
    </div>
    <!-- TOC END -->
    <h1 class="sectionedit1" id="gitlab">Gitlab</h1>
    <div class="level1">
    <p>
    <img src="gitlab_logo.png" class="mediacenter" alt="" />
    </p>
    </div>
    <!-- EDIT1 SECTION "Gitlab" [1-67] -->
    <h2 class="sectionedit2" id="presentation">Presentation</h2>
    <div class="level2">
    <p>
    See <a href="https://about.gitlab.com/" class="urlextern" title="https://about.gitlab.com/" rel="nofollow">Gitlab</a> page for product presentation.
    </p>
    <p>
    Gitlab allows to use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users, see <a href="https://docs.gitlab.com/ee/integration/saml.html" class="urlextern" title="https://docs.gitlab.com/ee/integration/saml.html" rel="nofollow">official documentation</a>
    </p>
    </div>
    <!-- EDIT2 SECTION "Presentation" [68-296] -->
    <h2 class="sectionedit3" id="saml">SAML</h2>
    <div class="level2">
    <p>
    For this example, we use these sample values:
    * Gitlab <abbr title="Uniform Resource Locator">URL</abbr> : <a href="https://gitlab.example.com" class="urlextern" title="https://gitlab.example.com" rel="nofollow">https://gitlab.example.com</a>
    * <abbr title="LemonLDAP::NG">LL::NG</abbr> portal <abbr title="Uniform Resource Locator">URL</abbr> : <a href="https://auth.example.com" class="urlextern" title="https://auth.example.com" rel="nofollow">https://auth.example.com</a>
    </p>
    </div>
    <!-- EDIT3 SECTION "SAML" [297-452] -->
    <h3 class="sectionedit4" id="gitlab_configuration">Gitlab configuration</h3>
    <div class="level3">
    <p>
    Find the gitlab.rb file and add these settings:
    </p>
    <pre class="code">vi /etc/gitlab/gitlab.rb</pre>
    <pre class="code file ruby">gitlab_rails<span class="br0">&#91;</span><span class="st0">'omniauth_enabled'</span><span class="br0">&#93;</span> = <span class="kw2">true</span>
    gitlab_rails<span class="br0">&#91;</span><span class="st0">'omniauth_allow_single_sign_on'</span><span class="br0">&#93;</span> = <span class="br0">&#91;</span><span class="st0">'saml'</span><span class="br0">&#93;</span>
    gitlab_rails<span class="br0">&#91;</span><span class="st0">'omniauth_auto_link_saml_user'</span><span class="br0">&#93;</span> = <span class="kw2">true</span>
    gitlab_rails<span class="br0">&#91;</span><span class="st0">'omniauth_block_auto_created_users'</span><span class="br0">&#93;</span> = <span class="kw2">false</span>
    &nbsp;
    gitlab_rails<span class="br0">&#91;</span><span class="st0">'omniauth_providers'</span><span class="br0">&#93;</span> = <span class="br0">&#91;</span>
    <span class="br0">&#123;</span>
    name: <span class="st0">'saml'</span>,
    args: <span class="br0">&#123;</span>
    assertion_consumer_service_url: <span class="st0">'https://gitlab.example.com/users/auth/saml/callback'</span>,
    idp_cert_fingerprint: <span class="st0">'99:BE:7B:68:3F:XX:7D:EF:6B:C3:XX:C0:0E:XX:D4:EA:02:XX:83:2A'</span>,
    idp_sso_target_url: <span class="st0">'https://auth.example.com/saml/singleSignOn'</span>,
    issuer: <span class="st0">'https://gitlab.example.com'</span>,
    name_identifier_format: <span class="st0">'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'</span>
    <span class="br0">&#125;</span>,
    label: <span class="st0">'Login with LL::NG'</span> <span class="co1"># optional label for SAML login button</span>
    <span class="br0">&#125;</span>
    <span class="br0">&#93;</span></pre>
    <div class="notetip">To get the fingerprint of IDP certificate, copy <abbr title="Security Assertion Markup Language">SAML</abbr> certificate from <abbr title="LemonLDAP::NG">LL::NG</abbr> configuration in a file and use openssl:
    <pre class="code">openssl x509 -in CERT.pem -noout -fingerprint</pre>
    </div>
    <p>
    You can force <abbr title="Security Assertion Markup Language">SAML</abbr> by default with this option:
    </p>
    <pre class="code file ruby">gitlab_rails<span class="br0">&#91;</span><span class="st0">'omniauth_auto_sign_in_with_provider'</span><span class="br0">&#93;</span> = <span class="st0">'saml'</span></pre>
    <p>
    In this case, users won&#039;t be able to log directly on gitlab. Set it once you are sure the <abbr title="Security Assertion Markup Language">SAML</abbr> configuration is valid.
    </p>
    <p>
    To apply changes:
    </p>
    <pre class="code">gitlab-ctl reconfigure</pre>
    </div>
    <!-- EDIT4 SECTION "Gitlab configuration" [453-1845] -->
    <h3 class="sectionedit5" id="llng_configuration">LL::NG configuration</h3>
    <div class="level3">
    <p>
    We suppose <abbr title="LemonLDAP::NG">LL::NG</abbr> is configured as <abbr title="Security Assertion Markup Language">SAML</abbr> IDP, and that you converted the public key into a certificate for <abbr title="Security Assertion Markup Language">SAML</abbr> signature. You must enable the option to send certificates in response. If you don&#039;t want to, you need to copy the certificate value into Gitlab configuration, in `idp_cert` parameter.
    </p>
    <p>
    You can get Gitlab <abbr title="Security Assertion Markup Language">SAML</abbr> metadata on <a href="https://gitlab.example.com/users/auth/saml/metadata" class="urlextern" title="https://gitlab.example.com/users/auth/saml/metadata" rel="nofollow">https://gitlab.example.com/users/auth/saml/metadata</a>
    </p>
    <p>
    Register them in <abbr title="LemonLDAP::NG">LL::NG</abbr> and send these <abbr title="Security Assertion Markup Language">SAML</abbr> attributes:
    </p>
    <ul>
    <li class="level1"><div class="li"> mail ⇒ email</div>
    </li>
    <li class="level1"><div class="li"> uid ⇒ uid</div>
    </li>
    <li class="level1"><div class="li"> cn ⇒ name</div>
    </li>
    </ul>
    <div class="noteimportant">The value from <abbr title="LemonLDAP::NG">LL::NG</abbr> mail session attribute must be the email of the user in Gitlab database, in order to associate accounts.
    </div>
    </div>
    <!-- EDIT5 SECTION "LL::NG configuration" [1846-2520] -->
    <h3 class="sectionedit6" id="manage_groups">Manage groups</h3>
    <div class="level3">
    <p>
    You can pass groups to Gitlab. For this, declare groups attribute in gitlab.rb:
    </p>
    <pre class="code file ruby">...
    <span class="me1">gitlab_rails</span><span class="br0">&#91;</span><span class="st0">'omniauth_providers'</span><span class="br0">&#93;</span> = <span class="br0">&#91;</span>
    <span class="br0">&#123;</span>
    name: <span class="st0">'saml'</span>,
    groups_attribute: <span class="st0">'groups'</span>,
    ...</pre>
    <p>
    And in <abbr title="LemonLDAP::NG">LL::NG</abbr>, export the groups attribute:
    </p>
    <ul>
    <li class="level1"><div class="li"> groups ⇒ groups</div>
    </li>
    </ul>
    </div>
    <!-- EDIT6 SECTION "Manage groups" [2521-] --></div>
    </body>
    </html>
    doc/pages/documentation/current/applications/glpi.html
    View file @ 8af30099
    ......@@ -36,9 +36,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->
    <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
    <!-- //endif -->
    </head>
    <body>
    ......
    doc/pages/documentation/current/applications/googleapps.html
    View file @ 8af30099
    ......@@ -36,9 +36,9 @@
    //elsif:useexternallibs
    <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
    //elsif:jsminified
    <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
    <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
    //else -->