How to get external users into GitLab integrated into Windows Active Directory only?

Hi everyone,

I’m part of some company having a self-hosted GitLab, I think I saw something with version 14 or alike somewhere. That instance is integrated into Windows Active Directory AFAIK, am not the admin, don’t know the details too much and asking the admin directly is difficult for too many reasons.

So, that instance is used by company employees only currently, but I would like to provide access to 3rd party customers. I did so already using access tokens for cloning individual repos and that works fine, but I would like to make the issue tracker, the wiki,m the web-UI etc. available as well, at least for some special projects of interest.

Looking at the login form of that instance, self-registration is disabled, but there are two inputs, one for members of the company using AD-usernames and one for other usernames and/or mail addresses. So it looks like having non-AD members in the same instance is possible at all as well.

Is that correct and self-hosted GitLab can mix AD- and non-AD-users? If so, how do I create non-AD-users? Does one need to enable self-registration or is there some other way to create non-AD-users manually only as well? I would prefer the latter and need to know which permissions are necessary to do so, where to do it in the web-UI etc.


Is it really as simple as that? Though, I’m not the admin, are there any more fine-grained permissions which could be forwarded to me to create non-AD users?

Usually you create users under Admin → Users in Gitlab. As per the link you posted. Then you have to assign permissions: Permissions and roles | GitLab

Guest is minimum, but it won’t let you do much.
Reporter adds to that in that issues can be created, etc.

You cannot customise the permissions. Therefore you cannot set any fine-grained permissions by disabling things you don’t want them to have access to that appears in those permission levels.

Im not talking about permissions for non-AD users, I’m fine with those. But the permissions I need to create those users. The docs say one needs to be admin, which I’m not. Are there any additional permissions or group the admin of the GitLab instance could provide so that I can create non-AD users myself? Sadly, it’s somewhat likely that I won’t get full admin permissions on the instance.

Well yeah, if you want to create users in your Gitlab instance, then you need to be an admin, or you need to ask your Gitlab admin to create them for you. There are no other level of permissions for creating users other than Admin. Or you have to enable registration which can open up a whole other load of problems. This has obviously been disabled for a reason, because you are integrated with AD/LDAP and they don’t want people creating additional accounts.

So if you are not an Admin, you can:

  1. Ask your Gitlab Admin to make you an Admin as well.
  2. Ask him to create some local users for you and assign them with Guest, Reporter, or whatever level you need them to have.

That’s about all you can do.