2

ldapsearch works as expected

ldapsearch -D "CN=Ldap,OU=administrative,OU=usr,OU=Exchange,DC=company,DC=local" -x -h draco.company.com -b DC=company,DC=local -W -

gitlab.rb

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main:
    label: 'Company LDAP'
    host: 'draco.company.com'
    port: 389
    uid: 'ldap'
    method: 'plain'
    bind_dn: 'OU=usr,OU=Exchange,DC=company,DC=local'
    password: 'secret'
    active_directory: true
    allow_username_or_email_login: false
    base: 'OU=usr,OU=Exchange,DC=company,DC=local'
EOS

Error Message: Could not authorize you from Ldapmain because "Invalid credentials".

Are there additional settings that I am missing?

Regards

1
  • Casing of bind_dn and base turned out to be my issue. They are case sensitive. I had lowercase cn, ou, etc. but my AD server expected uppercase CN, OU, etc. Using AD to tell me exactly what it expected helped me out. Commented Dec 14, 2015 at 21:45

1 Answer

2

Solution

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main:
    label: 'Company LDAP'
    host: 'draco.company.com'
    port: 389
    uid: 'sAMAccountName'
    method: 'plain'
    bind_dn: 'CN=Ldap,OU=administrative,OU=usr,OU=Exchange,DC=company,DC=local'
    password: 'secret'
    active_directory: true
    allow_username_or_email_login: false
    base: 'OU=usr,OU=Exchange,DC=company,DC=local'
EOS

The uid is the name of the column where the user name is stored.

bind_dn has changed to the fully qualified name of the LDAP user who is able to connect to AD and query all other users.

Helpful link: https://raymii.org/s/tutorials/Gitlab_and_Active_Directory_LDAP_Authentication.html

1
  • Also ensure user_filter is configured with the proper LDAP query. The server given to me was from a template made for a different OU path. Remember to run gitlab-ctl reconfigure after modifying gitlab.rb. Commented Oct 25, 2019 at 0:24
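
The two changes in the answer (bind_dn as the full DN of the bind account, uid as the attribute that holds the login name) can be checked before running gitlab-ctl reconfigure. The Ruby lint below is an added example, not part of the original posts or of GitLab; the function names, finding symbols and the list of login attributes are assumptions, and it also flags method: 'plain', which binds to port 389 without TLS.

```ruby
require 'yaml'

# Attribute names commonly used for GitLab's `uid` setting (assumed list, extend as needed).
LOGIN_ATTRS = %w[samaccountname userprincipalname uid].freeze

# Split a DN into [type, value] pairs. Assumes no escaped commas inside values.
def rdns(dn)
  dn.to_s.split(',').map { |rdn| rdn.strip.split('=', 2) }
end

# Return the findings for one entry under gitlab_rails['ldap_servers'].
def lint_ldap_server(cfg)
  findings = []
  bind = rdns(cfg['bind_dn'])
  # A bind DN names one account, so its leftmost RDN should be CN= or uid=, not a container.
  findings << :bind_dn_not_an_account unless %w[CN UID].include?(bind.dig(0, 0).to_s.upcase)
  # Pointing bind_dn at the search base is the mistake in the question.
  findings << :bind_dn_equals_base if !bind.empty? && bind == rdns(cfg['base'])
  # `uid` is the attribute that holds the login name, not the name of an account.
  findings << :uid_not_an_attribute unless LOGIN_ATTRS.include?(cfg['uid'].to_s.downcase)
  # 'plain' means no TLS: the bind password and user passwords travel in cleartext.
  findings << :cleartext_bind if cfg['method'] == 'plain'
  findings
end

# Relevant keys copied from the question's and the answer's gitlab.rb on this page.
QUESTION = YAML.safe_load(<<~'EOS')['main']
  main:
    uid: 'ldap'
    method: 'plain'
    bind_dn: 'OU=usr,OU=Exchange,DC=company,DC=local'
    base: 'OU=usr,OU=Exchange,DC=company,DC=local'
EOS

ANSWER = YAML.safe_load(<<~'EOS')['main']
  main:
    uid: 'sAMAccountName'
    method: 'plain'
    bind_dn: 'CN=Ldap,OU=administrative,OU=usr,OU=Exchange,DC=company,DC=local'
    base: 'OU=usr,OU=Exchange,DC=company,DC=local'
EOS

if __FILE__ == $PROGRAM_NAME
  puts "question: #{lint_ldap_server(QUESTION).inspect}"
  puts "answer:   #{lint_ldap_server(ANSWER).inspect}"
end
```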
