I have set up a gitlab project and we authenticate via ldap.
I set up our repo and assumed that everyone who authenticated via ldap would be able to access it but that does not seem to be the case. I am having to add each user individually.
The project is now set to public but that has not helped.
Is there a way to bulk add users to a project in gitlab?
I found the issue.
Apparently my licence had not gone through so I was using a basic version which does not support this!
Related
I have integrated my Gitlab server to my LDAP active directory on my internal network. I already have a JIRA server which is already integrated to this LDAP. I have used the same configuration/usergroup from JIRA in the Gitlab as well and my Gitlab is now successfully hooked to the LDAP.
Now i don’t want everyone who can login to Jira to login to the Gitlab account as well. I only want to allow some specific users.
Is there a settings in Gitlab configuration to achieve this thing?
Let me know if anyone can help on this. It will be hugely appreciated.
You have basically two options:
Allow all JIRA users to login but autoblock all signups with block_auto_created_users. Then you have to manually enable new users.
Use the user_filter option to restrict the users which are allowed to sign-up. Here you have two additional choices. You can filter based on the username or better create a group on your LDAP server and then check the group membership with the memberOf function.
I run gitlab and activated mattermost. I created a new project and set up a mattermoast team.
Now I want to add all other users. But my user is no admin in mattermost. how can I solve that?
Thanks in advance.
According to this link, the first user in the system has the system_admin role.
Find the first user that is created on your Mattermost server and use it as an admin account.
Is there a way to call GitLab API apart from using personal "PRIVATE TOKEN"?
Problem with PRIVATE TOKEN is , it need to be updated in settings -> CI/CD -> Environment Variables which is accessible to anyone with maintainer privilege.
And its need to be updated, if the developer moves out of the project .
I found out there is no other way to do it and alternate implementation still in GitLab's backlog.
But just to ensure & looking for if there is any other work around exist.
As of Gitlab 13.9, there's no way to use the API without someone's access token, but you could create a "dummy" Gitlab user and use an access token of theirs if you didn't want to use one belonging to a person.
What I got so far is, it is possible to Authenticate with Personal Access Token and include external CI script but a cleaner approach would be to get access using $CI_JOB_TOKEN since it is more secure and restricted. I am looking into if it can be done this way -
include 'https://gitlab-ci-token:${CI_JOB_TOKEN}#raw-file-url'
I have tried to curl in this format in a dummy script job, but it fails to fetch the file.
Apparently, an external script can be imported using file API and $CI_JOB_TOKEN (https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/2346/diffs), but I am looking into if include feature also support this. Any suggestion on how to achieve that is appreciated.
Unfortunately, CI_JOB_TOKEN is very limited in scope. As of today (GitLab 11.0), you can only do two things with it:
Authenticate with the GitLab Container (Docker) Registry
Authenticate to trigger a multi-project pipeline (EE only)
References:
https://docs.gitlab.com/ce/ci/variables/
https://docs.gitlab.com/ee/ci/variables/
So you cannot use CI_JOB_TOKEN to download a file from another repository, neither via the raw endpoint (/raw/<ref>/<path>) nor the API.
Unfortunately, deploy keys don't help either -- they are only for SSH.
The only workable solution I've come up with is to use a separate user:
Create a new user with Reporter role.
Create a personal access token (/profile/personal_access_tokens) for that user with api and read_repository rights.
Add this token as a secret variable in the project CI/CD settings. Call it e.g. BUILD_USER_TOKEN.
Use $BUILD_USER_TOKEN in your CI script to access the API or project files.
This is a huge hack, and I really hope to see GitLab make CI_JOB_TOKEN a first-class, read-only (?) token with rights to specified resources.
Still there is no support for the CI_JOB_TOKEN to have a useful API access. But they are working on it https://gitlab.com/groups/gitlab-org/-/epics/3559
I'm trying to get to the admin area so I can set the time-to-live for the gitlab container registry token. However, I don't see where that's available to me. I am the sole owner and creator of the project after I signed up for a Gitlab account and clicked to create a new project. My problem is similar to this person:
https://forum.gitlab.com/t/where-is-the-admin-area/5936
except I'm not using Gitlab CE.
So how can I become an admin for my own project so I can change some admin settings?
You can't have access to the admin area of gitlab.com. It is a private instance of Gitlab Enterprise Edition, belonging to Gitlab. They do allow anyone to have unlimited access (any number of public or private repositories as well as groups etc) but you can't be an admin.
Being an admin would mean you could see anyone's projects or delete them etc. That's not reasonable...