Geek Answers Handbook

Invalid credentials - LDAP access error in git community version

I want to install git for version control and continuous integration.

I installed the git community version using the docker-compose file as described in step 2 https://docs.gitlab.com/omnibus/docker/README.html#install-gitlab-using-docker-compose . My docker-compose.yml files look like this:

web:
  image: 'gitlab/gitlab-ce:latest'
  container_name: git
  restart: always
  hostname: 'gitserver'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://gitserver.local'
      # Add any other gitlab.rb configuration here, each on its own line
  ports:
    - '80:80'
    - '443:443'
    - '22:22'
  volumes:
    - '/srv/gitlab/config:/etc/gitlab'
    - '/srv/gitlab/ssl:/etc/gitlab/ssl'
    - '/srv/gitlab/logs:/var/log/gitlab'
    - '/srv/gitlab/data:/var/opt/gitlab'

I modified my / srv / gitlab / config / gitlab.rb to enable LDAP:

gitlab_rails['ldap_enabled'] = true

###! **remember to close this block with 'EOS' below**

gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'LDAP'
     host: 'x.x.x.x'
     port: 636
     uid: 'sAMAccountName'
     method: 'ssl' # "tls" or "ssl" or "plain"
     bind_dn: 'CN=git ldap,OU=Utility Accounts,OU=San Diego,OU=MYDOMAIN,DC=MYCOMPANY,DC=local'
     password: 'MyPwd'
     active_directory: true
     allow_username_or_email_login: false
     block_auto_created_users: false
     base: 'CN=git ldap,OU=Utility Accounts,OU=San Diego,OU=MYDOMAIN,DC=MYCOMPANY,DC=local'
EOS

I get the following error on login:

Could not athenticate you from LDAPmain because invalid credentials

/srv/gitlab/logs/gitlab-rails/production.log shows:

Started POST "/users/auth/ldapmain/callback" for x.x.x.x at 2017-07-10 21:11:06 +0000
Processing by OmniauthCallbacksController#failure as HTML
  Parameters: {"utf8"=>"รข", "authenticity_token"=>"BKIQtjz0mu0JlS5bDLGssJFeKGFOJ2cLPKSKAc5JqeyLPBQUkhuI0qcjOTZ9osQEqqlCzPn/PNDlreeENnN28A==", "username"=>"xxx", "password"=>"[FILTERED]"}
Redirected to https://gitserver.local/users/sign_in
Completed 302 Found in 5ms (ActiveRecord: 0.3ms)
Started GET "/users/sign_in" for x.x.x.x at 2017-07-10 21:11:06 +0000
Processing by SessionsController#new as HTML
Completed 200 OK in 143ms (Views: 92.4ms | ActiveRecord: 3.0ms)

I tried several permutations and combinations of LDAP settings, but nothing works. There are several similar settings / errors and suggestions of users on the network about how they solved their problem, but no one works for me.

, : 1) bind dn pwd 2) uid uid sAMAccountName 3) , ssl- 4) allow_username_or_email_login false.

LDAP .. .

. .

!

: , 1) Gitlab: LDAP " " , 2) LDAP Gitlab

UPDATE2: , git ldap, . ,

+6
1

, dn dn . CN dn . "OU = MYDOMAIN, DC = MYCOMPANY, DC = local"

+4

More articles:


All Articles