# GitLab LDAP配置文件
# 将此配置添加到 /d/23_Gitlab/DockerData/GitlabData/config/gitlab.rb 文件中

# 外部URL配置
external_url 'http://localhost:8880'

# LDAP配置
gitlab_rails['ldap_enabled'] = true
gitlab_rails['prevent_ldap_sign_in'] = false

# LDAP服务器配置
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' 是任意的标签，用于标识LDAP服务器
    label: 'LDAP'
    host: 'host.docker.internal'  # 如果LDAP服务器在宿主机上运行
    port: 389
    uid: 'uid'  # 用户名属性，根据您的LDAP架构调整
    bind_dn: 'cn=admin,dc=example,dc=com'  # 管理员DN
    password: 'admin'  # 管理员密码
    encryption: 'plain' # 可选: 'start_tls' 或 'simple_tls'
    verify_certificates: false
    smartcard_auth: false
    active_directory: false
    allow_username_or_email_login: true
    lowercase_usernames: false
    block_auto_created_users: false
    base: 'dc=example,dc=com'  # LDAP基础DN
    user_filter: ''
    ## EE only
    group_base: 'ou=groups,dc=example,dc=com'  # 组基础DN
    admin_group: 'administrators'  # 管理员组
    sync_ssh_keys: false
    
    # 用户属性映射
    attributes:
      username: ['uid', 'userid', 'sAMAccountName']
      email: ['mail', 'email', 'userPrincipalName']
      name: 'cn'
      first_name: 'givenName'
      last_name: 'sn'
EOS

# 其他GitLab配置
gitlab_rails['time_zone'] = 'Asia/Shanghai'

# 邮件配置（可选）
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'gitlab@example.com'
gitlab_rails['gitlab_email_display_name'] = 'GitLab'

# 备份配置（可选）
gitlab_rails['backup_keep_time'] = 604800  # 7天

# 日志级别
gitlab_rails['log_level'] = 'INFO'

# 禁用一些不需要的服务以节省资源（可选）
prometheus_monitoring['enable'] = false
alertmanager['enable'] = false
grafana['enable'] = false

# 如果您想要启用HTTPS，取消注释以下配置
# external_url 'https://localhost'
# nginx['redirect_http_to_https'] = true
# nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt"
# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key"