Adambean
commented
2 months ago Hello, Good question, hopefully this answers:
Gitlab CE has always (for all the years I've used it) supported LDAP authentication directly without this tool, this was never a requirement for that benefit of centralised authentication. You could configure details to reach your directory, signing in would "just work", and you would have a user entity in your Gitlab instance at that point.
The purpose of this tool was to add some features to improve the LDAP experience from a system administration point of view:
- Synchronise users into Gitlab in advance, so people can be assigned to groups and projects prior to their first sign in
- Synchronise changes to users and groups in advance, e.g. name/email/lock changes, either on a periodic (cron) basis or when run again manually
- Synchronise groups and their user memberships (This was always an EE only feature)
I've got 3 instances of Gitlab CE that still make use of this tool as to my knowledge I've not seen all of the above available natively. If those features aren't necessary for your Gitlab then you won't need this tool. There is nothing AD specific to this tool either, it's quite back end agnostic.
If you're looking to reduce technical debt it may be worth your time to convert this tool to a different scripting platform you feel would be more "LTS". Frankly all this tool does is look at data on both sides, compare them, and make the necessary writes on the Gitlab side to match the directory, nothing ground shattering. Its not that I expect PHP or the Symfony components I'm using will be going away any time soon (php is dead meme), though either Perl or Python would likely be good candidates for a conversion. There is of course the growingly popular NodeJS option though that seems to me like it would be more technical debt than PHP by a long way as it still has multi-version compatibility considerations, 3rd party libraries with security considerations, and EoL considerations.
Hope that helps :)
ross-cello
Sorry not an "issue" per se, but as an ignoramous... would like to know whether the gitlab-ce of 2024 supports standard LDAP auth and partially obsoletes the functionality offered here? We sync with AD.
Context is an older build with this incorporated by a departed individual and our requirement to rebuild the host. Hoping to shave some technical debt to make maintenance a little easier for any successors.
Cursory Google with the time afforded so far, has me at a pre-emptive conclusion of Gitlab supporting LDAP on the community edition as of 2024 at least. Will inevitably have to do some more thorough investigation as go-time approaches.
Appreciate your patience and thanks in advance.