I have the goal of only allowing LDAP authentication for users assigned to a specific group in my AD. I was able to authenticate perfectly with a bind account that just lists all users.
I have read the documentation, which states:

> Tip: If you want to limit access to the nested members of an Active Directory group you can use the following syntax:
Here is my current configuration. I verified the password is 100% correct. “company” is a placeholder. Is my bind_dn string just not correct?
```ruby
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-EOS # remember to close this block with 'EOS' below
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'ActiveDirectory'
    host: 'adds.company.com'
    port: '636'
    uid: 'sAMAccountName'
    method: 'ssl' # "tls" or "ssl" or "plain"
    bind_dn: 'memberOf=CN=LDAPGitlab,DC=company,DC=com'
    password: 'redacted'
    active_directory: true
    allow_username_or_email_login: false
    block_auto_created_users: true
    base: 'DC=company,DC=com'
    user_filter: ' '
EOS
```
The problem is when I run `gitlab-rake gitlab:ldap:check`, it comes back with the error message.
```
Checking LDAP …
LDAP authentication… Failed. Check
password configuration values
LDAP users with access to your GitLab server (only showing the first 100 results)
Checking LDAP … Finished
```
Thank you for taking a look.
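
The distinction the posted configuration turns on, as an added example that is not part of the original post or GitLab's own code: `bind_dn` is the DN of the account GitLab binds as, while a group restriction is a search filter that belongs in `user_filter`. The service-account DN `CN=gitlab-bind,OU=Service Accounts,...` and the `lint_ldap_server` helper are hypothetical; the OID is Active Directory's nested-membership matching rule.

```ruby
require 'yaml'

# Constructed sample: the relevant keys from the configuration in the post.
AS_POSTED = YAML.safe_load(<<~EOS)
  main:
    bind_dn: 'memberOf=CN=LDAPGitlab,DC=company,DC=com'
    base: 'DC=company,DC=com'
    user_filter: ' '
EOS

# Constructed sample: bind account and group filter kept in separate keys.
# The bind_dn value is a hypothetical placeholder for a real service account.
SEPARATED = YAML.safe_load(<<~EOS)
  main:
    bind_dn: 'CN=gitlab-bind,OU=Service Accounts,DC=company,DC=com'
    base: 'DC=company,DC=com'
    user_filter: '(memberOf:1.2.840.113556.1.4.1941:=CN=LDAPGitlab,DC=company,DC=com)'
EOS

# Attributes that express a membership or class test, never the leading RDN of an account DN.
FILTER_ATTRS = %w[memberof member objectclass objectcategory].freeze

# Returns a list of findings for one server entry; an empty list means nothing was flagged.
def lint_ldap_server(cfg)
  findings = []
  bind = cfg['bind_dn'].to_s.strip
  first_attr = bind.split('=', 2).first.to_s.split(':').first.to_s.delete('(').downcase
  if bind.empty?
    findings << 'bind_dn is empty'
  elsif bind.start_with?('(') || FILTER_ATTRS.include?(first_attr)
    findings << 'bind_dn holds a search filter, not the DN of an account to bind as'
  end
  filter = cfg['user_filter'].to_s.strip
  if filter.empty?
    findings << 'user_filter is empty: no group restriction is applied'
  elsif !(filter.start_with?('(') && filter.end_with?(')') && filter.count('(') == filter.count(')'))
    findings << 'user_filter is not a parenthesised LDAP filter'
  end
  findings
end

{ 'as posted' => AS_POSTED, 'separated' => SEPARATED }.each do |name, servers|
  puts "#{name}: #{lint_ldap_server(servers['main']).inspect}"
end
```

After changing `gitlab.rb`, `gitlab-ctl reconfigure` applies it and `gitlab-rake gitlab:ldap:check` should then list only members of the group.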