Merge branch 'doc-app_gerrit' into 'master'

Doc: add application gerrit

See merge request lemonldap-ng/lemonldap-ng!171
Clément OUDOT 2020-11-30 10:30:01 +01:00
commit 7ec5f5c1c6
3 changed files with 91 additions and 0 deletions

@ -15,6 +15,7 @@ Applications
applications/dokuwiki
applications/drupal
applications/fusiondirectory
applications/gerrit
applications/gitlab
applications/glpi
applications/googleapps
@ -89,6 +90,7 @@ Application Configuration
.. image:: applications/dokuwiki_logo.png :doc:`Dokuwiki<applications/dokuwiki>`
.. image:: applications/drupal_logo.png :doc:`Drupal<applications/drupal>`
.. image:: applications/fusiondirectory-logo.jpg :doc:`FusionDirectory<applications/fusiondirectory>`
.. image:: applications/gerrit_logo.png :doc:`Gerrit<applications/gerrit>`
.. image:: applications/gitlab_logo.png :doc:`Gitlab<applications/gitlab>` ✔ ✔
.. image:: applications/glpi_logo.png :doc:`GLPI<applications/glpi>`
.. image:: applications/googleapps_logo.png :doc:`Google Apps<applications/googleapps>`
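Review bot: the added Gerrit row carries no ✔ marks, while the Gitlab row directly below it has two. Since the new page in this commit sets Gerrit up as an OpenID Connect relying party, tick the column that matches that integration for this row, or state why it is left empty.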

@ -0,0 +1,89 @@
Gerrit
======
|image0|
Presentation
------------
`Gerrit <https://www.gerritcodereview.com/>`__ allows to review commits before they are integrated into a target branch.
With the `OAuth2 provider plugin <https://gerrit.googlesource.com/plugins/oauth/>`__ Gerrit can use OAuth2 protocol for authentication.
Configuration
-------------
Gerrit
------
`Install <https://gerrit-review.googlesource.com/Documentation/config-plugins.html#installation>`__ the OAuth Provider plugin.
.. tip::
The LemonLDAP::NG support was added on February 23, 2020.
If you can't find a prebuilt package, you can use this `dockerfile <https://github.com/atisne/gerrit-oauth-build>`__ to build your own.
Then, configure Gerrit:
In ``/var/gerrit/etc/gerrit.config``
::
...
[auth]
type = OAUTH
gitBasicAuthPolicy = HTTP
...
[plugin "gerrit-oauth-provider-lemonldap-oauth"]
root-url = https://auth.<LLNG_SERVER>
client-id = <GERRIT_CLIENT_ID>
In ``/var/gerrit/etc/secret.config``
::
...
[plugin "gerrit-oauth-provider-lemonldap-oauth"]
client-secret = <GERRIT_CLIENT_SECRET>
LL::NG
------
Add an Open ID Connect Relying Party for Gerrit
.. code-block:: bash
# Exported attributes (the values must fit your LDAP schema)
lemonldap-ng-cli -yes 1 \
addKey \
oidcRPMetaDataExportedVars/gerrit preferred_username uid \
oidcRPMetaDataExportedVars/gerrit name cn \
oidcRPMetaDataExportedVars/gerrit email mail \
oidcRPMetaDataExportedVars/gerrit sub email
# Options > Basic > Allowed redirection addresses for login
# > Logout > Allowed redirection addresses for logout
lemonldap-ng-cli -yes 1 \
addKey \
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsRedirectUris 'http://<GERRIT_SERVER>/oauth' \
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsPostLogoutRedirectUris 'https://<GERRIT_SERVER>/'
# Options > Basic > Client ID
# > Basic > Client Secret
lemonldap-ng-cli -yes 1 \
addKey \
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsClientID '<GERRIT_OAUTH_ID>' \
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsClientSecret '<GERRIT_OAUTH_SECRET>'
# Timeout > ID Token expiration
# > Access Token expiration
# Security > ID Token signature algorithm
lemonldap-ng-cli -yes 1 \
addKey \
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsIDTokenExpiration 3600 \
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsAccessTokenExpiration 3600 \
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsIDTokenSignAlg RS512
.. |image0| image:: /applications/gerrit_logo.png
:class: align-center
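Review bot: the login redirect URI in the second lemonldap-ng-cli call is registered as 'http://<GERRIT_SERVER>/oauth', while the post-logout URI on the next line uses https. Over plain HTTP the authorization code sent back to that address travels in clear text, so register 'https://<GERRIT_SERVER>/oauth' unless the page documents a reason for the difference. The placeholders also differ between the two halves of the page: gerrit.config and secret.config use <GERRIT_CLIENT_ID> and <GERRIT_CLIENT_SECRET>, the relying-party options use <GERRIT_OAUTH_ID> and <GERRIT_OAUTH_SECRET>. Both sides need the same values, so a single pair of names would prevent a mismatch. In the exported attributes, 'sub email' points at 'email' where the other three entries point at LDAP attributes (uid, cn, mail); if the mail attribute is meant, this should read 'sub mail'.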

Binary file not shown.
