Hi
On Wednesday, April 30, 2014 8:25:06 AM UTC+2, Friedemann S. wrote:
>
> Hi,
> has anyone an idea how to perform this?
>
First of all: do you really need this? LDAP users are automatically created
when a user logs in.
That said, if you need to create the users first: I'm doing the same thing,
using the web api. For me this is a matter of some simple (I'm going to
throw them away afterwards) shell scripts. Below is what I do (specific for
Active Directory - you might need to tweak the ldapsearch stuff). Note that
there's a catch: gitlab _doesn't_ allow us to create unlocked/confirmed
users. This script will send out confirmation mails to each person. That's
unfortunate, for me I just disable outgoing mails and confirm the users
later in the DB using

    update users set confirmation_token=null, confirmed_at=now() where confirmed_at is null;

Also unfortunate is the fact that passwords are a mandatory field - I'm
generating secret/unknown passwords in my script below.

    #!/bin/bash
    set -e
    set -u

    . ./config.sh

    for user in $(cat "${DATAPATH}/gt_users.txt"); do
        ldap_result=$(ldap_user_lookup "$user")
        # An empty dn means no match; "|| true" keeps set -e from aborting
        dn=$(echo "$ldap_result" | grep '^dn:' | cut -c 5- || true)
        if [[ -z "$dn" ]]; then
            echo "Failed to look up user $user"
            continue
        fi

        # Random throwaway password: the API requires the field
        password=$(openssl rand -base64 32)
        accountName=$(echo "$ldap_result" | grep '^sAMAccountName:' | cut -c 17-)
        displayName=$(echo "$ldap_result" | grep '^displayName:' | cut -c 14-)
        mail=$(echo "$ldap_result" | grep '^mail:' | cut -c 7-)

        # read returns non-zero at end of input, hence "|| true"
        read -d '' json << _EOF_ || true
    {
      "email": "$mail",
      "password": "$password",
      "username": "$accountName",
      "name": "$displayName",
      "provider": "ldap",
      "extern_uid": "$dn"
    }
    _EOF_

        # Actually create the user, if it didn't exist yet
        create_user_result=$(gitlab_api_cmd -d "$json" "$gitlab_api_url/users")
        if ! echo "$create_user_result" | grep -q -E '"id":[[:digit:]]+'; then
            echo "Couldn't create user ${user}. Check that no user with that address exists."
            continue
        fi
    done

where config.sh is the dynamic part, i.e.

    DATAPATH=/path/to/the/data/files
    gitlab_api_url=http://yourgitlabhostname/api/v3
    gitlab_api_token=YourAPITokenFromAnAdminUser
    ldap_host="AD/LDAP Hostname or IP"
    ldap_base_dn="YourBaseDN"
    ldap_bind_dn="YourBindDN"
    ldap_bind_pw="YourPassword"

    ldap_user_lookup() {
        local user_mail=$1
        # Subtree search by mail address; the perl one-liner re-joins
        # folded LDIF continuation lines
        ldapsearch -LLL -x -h "$ldap_host" -b "$ldap_base_dn" \
            -D "$ldap_bind_dn" -w "$ldap_bind_pw" -s sub \
            "(&(&(objectclass=user)(objectcategory=person))(|(msExchShadowProxyAddresses=smtp:$user_mail)(mail=$user_mail)))" \
            dn sAMAccountName displayName mail | perl -p00e 's/\r?\n //g'
    }

    gitlab_api_cmd() {
        # Send the admin token and JSON headers with every API call
        curl -s -H "PRIVATE-TOKEN: $gitlab_api_token" \
            -H 'Accept: application/json' \
            -H 'Content-Type: application/json' "$@"
    }
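
Added example, not part of the original post: the script above places LDAP values directly into the search filter and the JSON body, so a mail address containing filter metacharacters, a display name with quotes, or an AD DN with an escaped comma (CN=Doe\, Jane,...) gives a different filter or invalid JSON. The helper names (ldap_escape_filter, json_escape, build_user_filter, build_user_json) and all sample values are assumptions made up for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): escape directory values before
# they are placed in the LDAP search filter or in the JSON sent to the API.
# All function names and sample values here are made up for illustration.

# RFC 4515: escape \ * ( ) in a filter value. Backslash goes first so the
# escapes added afterwards are not escaped a second time.
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# JSON string body: drop raw control characters (not allowed unescaped in
# JSON and not expected in these attributes), then escape \ and ".
json_escape() {
    printf '%s' "$1" | tr -d '\000-\037' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Same filter as ldap_user_lookup in config.sh, with the address escaped.
build_user_filter() {
    local m
    m=$(ldap_escape_filter "$1")
    printf '(&(&(objectclass=user)(objectcategory=person))'
    printf '(|(msExchShadowProxyAddresses=smtp:%s)(mail=%s)))' "$m" "$m"
}

# Same fields as the here-document in the script.
# Arguments: mail password username name dn
build_user_json() {
    printf '{"email":"%s","password":"%s","username":"%s",' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
    printf '"name":"%s","provider":"ldap","extern_uid":"%s"}' \
        "$(json_escape "$4")" "$(json_escape "$5")"
}

# Constructed sample values: an address with a wildcard, a display name with
# quotes, and an AD-style DN whose CN contains an escaped comma.
build_user_filter 'j.doe*@example.com'; echo
build_user_json 'j.doe@example.com' 'constructed-password' 'jdoe' \
    'Jane "JD" Doe' 'CN=Doe\, Jane,OU=Staff,DC=example,DC=com'; echo
```

In the script, build_user_filter would replace the inline filter string in ldap_user_lookup and build_user_json would replace the here-document.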