ldapsearch works as expected

ldapsearch -D "CN=Ldap,OU=administrative,OU=usr,OU=Exchange,DC=company,DC=local" -x -h draco.company.com -b DC=company,DC=local -W -

gitlab.rb

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main:
    label: 'Company LDAP'
    host: 'draco.company.com'
    port: 389
    uid: 'ldap'
    method: 'plain'
    bind_dn: 'OU=usr,OU=Exchange,DC=company,DC=local'
    password: 'secret'
    active_directory: true
    allow_username_or_email_login: false
    base: 'OU=usr,OU=Exchange,DC=company,DC=local'
EOS

Error Message: Could not authorize you from Ldapmain because "Invalid credentials".

Are there additional settings that I am missing?

Regards

Marko
  • Casing of bind_dn and base turned out to be my issue. They are case sensitive. I had lowercase cn, ou, etc. but my AD server expected uppercase CN, OU, etc. Using AD to tell me exactly what it expected helped me out. – Jeremy Cook Dec 14 '15 at 21:45

1 Answer

Solution

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main:
    label: 'Company LDAP'
    host: 'draco.company.com'
    port: 389
    uid: 'sAMAccountName'
    method: 'plain'
    bind_dn: 'CN=Ldap,OU=administrative,OU=usr,OU=Exchange,DC=company,DC=local'
    password: 'secret'
    active_directory: true
    allow_username_or_email_login: false
    base: 'OU=usr,OU=Exchange,DC=company,DC=local'
EOS

The uid is the name of the column where the user name is stored.

bind_dn has changed to the fully qualified name of the LDAP user who is able to connect to AD and query all other users.

Helpful link: https://raymii.org/s/tutorials/Gitlab_and_Active_Directory_LDAP_Authentication.html

Marko
  • Also ensure user_filter is configured with the proper LDAP query. The server given to me was from a template made for a different OU path. Remember to run gitlab-ctl reconfigure after modifying gitlab.rb. – Chiramisu Oct 25 '19 at 00:24
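
An added example (not from the original posts and not GitLab's own code): a small Ruby check that flags the two mistakes the answer corrects, a bind_dn that names a container instead of an account and a uid that is not an attribute name, and also reports the unencrypted 'plain' transport that both configurations on this page use. The helper names, the attribute list and the finding symbols are assumptions made for illustration.

```ruby
require 'yaml'

# Attribute names usually used as the login attribute (assumption: not exhaustive).
LOGIN_ATTRS = %w[samaccountname userprincipalname uid cn mail].freeze

# Hypothetical helper: returns findings for one entry of gitlab_rails['ldap_servers'].
def lint_ldap_server(cfg)
  findings = []
  # First RDN of bind_dn; split on commas that are not backslash-escaped.
  leaf = cfg['bind_dn'].to_s.split(/(?<!\\),/).first.to_s.strip
  leaf_type = leaf.split('=', 2).first.to_s.strip.upcase
  # Heuristic: a DN that starts with OU= or DC= is a container, not a bindable account.
  if %w[OU DC].include?(leaf_type) || leaf_type.empty?
    findings << :bind_dn_not_an_account
  end
  # uid must be an attribute name, not the service account's login.
  findings << :uid_not_an_attribute unless LOGIN_ATTRS.include?(cfg['uid'].to_s.downcase)
  # 'plain' means no TLS: bind and user passwords cross the network in cleartext.
  # Newer GitLab releases name this key 'encryption'; the page uses the older 'method'.
  transport = cfg['encryption'] || cfg['method']
  findings << :cleartext_bind if transport.to_s == 'plain'
  findings
end

# Lints every server in the YAML text passed to gitlab_rails['ldap_servers'].
def lint_all(yaml_text)
  YAML.safe_load(yaml_text).transform_values { |cfg| lint_ldap_server(cfg) }
end

# The question's configuration from this page, reduced to the keys the checks read.
QUESTION_CFG = <<~'EOS'
  main:
    host: 'draco.company.com'
    port: 389
    uid: 'ldap'
    method: 'plain'
    bind_dn: 'OU=usr,OU=Exchange,DC=company,DC=local'
    base: 'OU=usr,OU=Exchange,DC=company,DC=local'
EOS

# The answer's configuration: same file with the two corrected values.
ANSWER_CFG = QUESTION_CFG
  .sub("uid: 'ldap'", "uid: 'sAMAccountName'")
  .sub("bind_dn: 'OU=usr", "bind_dn: 'CN=Ldap,OU=administrative,OU=usr")

if __FILE__ == $PROGRAM_NAME
  { 'question' => QUESTION_CFG, 'answer' => ANSWER_CFG }.each do |name, text|
    lint_all(text).each { |server, f| puts "#{name}/#{server}: #{f.inspect}" }
  end
end
```

The corrected configuration still reports the cleartext finding because it keeps method: 'plain' on port 389.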