Configuring TLS Mutual Authentication with LDAP

Hi there, new to the forums. I’m trying to set up a GitLab server behind an NGINX reverse proxy.

My use case is:

  • The reverse proxy is performing mutual TLS authentication of users. All users have a certificate installed that they can authenticate with.

  • I have MS AD set up for storing users & groups. I have connected GitLab to AD in the past for other clients & could leverage this if needed.

I would like to set up GitLab such that users would only need to authenticate with their certificates & would not be asked to provide a username or password. I’m not seeing how I would go about doing that in GitLab.

Near as I can tell, even if I enabled TLS mutual auth for GitLab, users will still be prompted for a username & password.

As I already have the infrastructure / processes in place to distribute per-user certificates, I’d really like to stay away from passwords, especially password reset processes, as they create an administrative burden I’d rather not have.

If it helps, Jenkins (which I am also building out) has a plugin that effectively accomplishes this task & integrates with AD (here). I was hoping to find something similar for GitLab.

I did a quick forum search & didn’t see anything helpful.

Thanks in advance.