Gitlab: LDAP "Invalid credentials" but credentials are correct

The following ldapsearch command works flawlessly.

ldapsearch -LLL -s sub -P 3 -D "CN=,OU=IT,OU=Non-Users,OU=Users,OU=UserAccount,DC=,DC=com" -H ldaps://.com: -w '' -v -b 'OU=Users,OU=UserAccount,DC=,DC=com' '(&(objectclass=person)(sAMAccountName=))'

But, no matter how I double-check the correctness of the entered values, this, configured in gitlab.yml, does not work.

ldap:
    enabled: true
    host: '.com'
    port:
    uid: 'sAMAccountName'
    method: 'ssl'
    bind_dn: 'CN=,OU=IT,OU=Non-Users,OU=Users,OU=UserAccount,DC=,DC=com'
    password: ''
    allow_username_or_email_login: true
    base: 'OU=Users,OU=UserAccount,DC=,DC=com'
    user_filter: ''
    group_base: ''

Yes, BindDN is located in a different place than other users, but to the south of it, so the query base is valid.

All attempts cause this error on the screen:

Unable to authenticate you from LDAP because "Invalid credentials"

production.log points to the following:

GET "/users/sign_in" 127.0.0.1 2014-07-18 08:13:17 -0400
Devise::SessionController#new HTML
200 OK 21ms (: 12.8ms | ActiveRecord: 0.0ms)
POST "/users/auth/ldap/callback" 127.0.0.1 2014-07-18 08:13:25 -0400
OmniauthCallbacksController # HTML
  : {"utf8"=>"✓", "authenticity_token"=>"", "username"=>"", "password"=>"[FILTERED]"}
http:///users/sign_in
302 3 (ActiveRecord: 0.0ms)
GET "/users/sign_in" 127.0.0.1 2014-07-18 08:13:56 -0400
Devise::SessionController#new HTML
200 OK 10 (: 5.9ms | ActiveRecord: 0.0ms)
POST "/users/auth/ldap/callback" 127.0.0.1 2014-07-18 08:20:03 -0400

LDAP - Active Directory, , , "badPwdCount" , , .

, , , , octuple, , - . , .

?

+1
3

AD LDAP.

#########################################
ldap:  
    enabled: true  
    host: '16.184.18.88'  
    port: 636  
    uid: 'sAMAccountName'   #userPrincipalName  
    method: 'ssl' # "tls" or "ssl" or "plain"  
    bind_dn: 'CN=Gitlab Git,CN=Users,DC=mydomain,DC=net'  
    password: 'My_Password'  
    allow_username_or_email_login: false  
    base: 'CN=Users,DC=mydomain,DC=net'  
    user_filter: '(memberOf=CN=Developers,OU=GitLabHQ,DC=mydomain,DC=net)'  
    group_base: 'OU=GitLabHQ,DC=mydomain,DC=net'  
    admin_group: GitLabAdmins
########################################
+1

, , , LDAP , Jenkins, SonarQube; ..

, DefaultForceNoPage true ldap.rb ( gitlab):

/opt/gitlab/embedded/lib/ruby/gems/2.3.0/gems/net-ldap-0.16.0/lib/net/ldap.rb
                                                                      ^^^^^^^

defaultForceNoPage

false . , true, GitLab, :

gitlab-ctl reconfigure

, :

gitlab-rake gitlab:ldap:check

LDAP rake

. , , :

uid: 'mail'
0

" " LDAP gitlab. ldap. gitlab appln AD.

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
main: # 'main' is the GitLab 'provider ID' of this LDAP server
  label: 'LDAP'
  host: '<LDAP hostname>'
  port: 389
  uid: 'sAMAccountName'
  method: 'plain' # "tls" or "ssl" or "plain"

  bind_dn: 'CN=<user name>,OU=<ou1>,OU=<ou2>,...,DC=example,DC=com'
  password: 'My_Password'
  active_directory: true
  allow_username_or_email_login: true
  block_auto_created_users: false
  base: 'DC=example,DC=com'
EOS

bind_dn. AD, dn .

-1
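
An offline lint for the settings that appear in the configs above, added here as an example (it is not code from the posts or from GitLab). It flags a port that does not match the connection method, a plain bind, DN values that are not in attr=value form or carry stray whitespace, and an unbalanced user_filter. The function names and the BAD sample are constructed for illustration; GOOD reuses the values from the Active Directory answer.

```ruby
require 'yaml'
# Conventional port per connection method (LDAPS on 636; StartTLS and plain on 389).
USUAL_PORT = { 'ssl' => 636, 'tls' => 389, 'plain' => 389 }.freeze
# One RDN: attribute name, '=', non-empty value; backslash escapes allowed.
RDN = /\A[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^,\\])+\z/

# Findings for a DN-valued setting such as bind_dn or base (dn is a String).
def dn_problems(key, dn)
  return ["#{key} is empty"] if dn.empty?
  bad = dn.strip.split(/(?<!\\),/, -1).reject { |rdn| rdn.match?(RDN) }
  [("#{key} has leading or trailing whitespace" unless dn == dn.strip),
   ("#{key} has components not in attr=value form: #{bad.inspect}" unless bad.empty?)].compact
end

# True when every '(' in an LDAP filter is closed by a later ')'.
def balanced?(filter)
  depth = 0
  filter.each_char do |c|
    depth += { '(' => 1, ')' => -1 }.fetch(c, 0)
    return false if depth.negative?
  end
  depth.zero?
end

# Lint one parsed ldap: section (a Hash); an empty result means nothing was flagged.
def lint_ldap(cfg)
  out, method = [], cfg['method']
  if !USUAL_PORT.key?(method)
    out << "method #{method.inspect} is not ssl, tls or plain"
  elsif cfg['port'] != USUAL_PORT[method]
    out << "port #{cfg['port'].inspect} is unusual for method #{method} (usually #{USUAL_PORT[method]})"
  end
  out << 'method plain sends the bind password unencrypted' if method == 'plain'
  out.concat(dn_problems('bind_dn', cfg['bind_dn'].to_s) + dn_problems('base', cfg['base'].to_s))
  out << 'user_filter has unbalanced parentheses' unless balanced?(cfg['user_filter'].to_s)
  out
end

# Constructed input: values copied from the AD answer above, then a deliberately broken variant.
GOOD = YAML.safe_load(<<~YML)
  method: 'ssl'
  port: 636
  bind_dn: 'CN=Gitlab Git,CN=Users,DC=mydomain,DC=net'
  base: 'CN=Users,DC=mydomain,DC=net'
  user_filter: '(memberOf=CN=Developers,OU=GitLabHQ,DC=mydomain,DC=net)'
YML
BAD = GOOD.merge('method' => 'plain', 'bind_dn' => 'gitlab',
                 'base' => 'CN=Users,DC=mydomain,DC=net ', 'user_filter' => '(memberOf=CN=Developers')
puts lint_ldap(GOOD).inspect, lint_ldap(BAD)
```

A clean result only means the values are well-formed; whether the bind itself succeeds is still a question for gitlab-rake gitlab:ldap:check.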
