Hello all.
I have the goal of only allowing LDAP authentication for users assigned to a specific group in my AD. I was able to authenticate perfectly with a bind account that just lists all users.
I have read the documentation, which states:

> Tip: If you want to limit access to the nested members of an Active Directory group you can use the following syntax:
> `(memberOf=CN=My Group,DC=Example,DC=com)`
Here is my current configuration. I verified the password is 100% correct. “company” is a placeholder. Is my bind_dn string just not correct?
```ruby
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-EOS # remember to close this block with 'EOS' below
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'ActiveDirectory'
    host: 'adds.company.com'
    port: '636'
    uid: 'sAMAccountName'
    method: 'ssl' # "tls" or "ssl" or "plain"
    bind_dn: 'memberOf=CN=LDAPGitlab,DC=company,DC=com'
    password: 'redacted'
    active_directory: true
    allow_username_or_email_login: false
    block_auto_created_users: true
    base: 'DC=company,DC=com'
    user_filter: ' '
EOS
```
The problem is that when I run `gitlab-rake gitlab:ldap:check`, it comes back with the error message:

```
Checking LDAP …
Server: ldapmain
LDAP authentication… Failed. Check bind_dn and password configuration values
LDAP users with access to your GitLab server (only showing the first 100 results)
Checking LDAP … Finished
```
Thank you for taking a look.
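As an added illustration (not part of the post above, and not GitLab's own code), the following Ruby snippet places the posted server block next to a corrected one and runs a small sanity check over both. It assumes that `bind_dn` must be the distinguished name of a dedicated read-only service account (the account name `svc-gitlab` and its OU are hypothetical) and that the group restriction from the documentation tip belongs in `user_filter`.

```ruby
require 'yaml'

# Constructed sample reproducing the posted block: a search filter in bind_dn,
# and a blank user_filter, so every user under base may sign in.
BROKEN = YAML.load(<<-EOS)
main:
  host: 'adds.company.com'
  port: 636
  bind_dn: 'memberOf=CN=LDAPGitlab,DC=company,DC=com'
  base: 'DC=company,DC=com'
  user_filter: ' '
EOS

# Corrected layout (service-account DN is hypothetical): bind_dn names the
# account that performs the search, user_filter restricts who may log in.
FIXED = YAML.load(<<-EOS)
main:
  host: 'adds.company.com'
  port: 636
  bind_dn: 'CN=svc-gitlab,OU=Service Accounts,DC=company,DC=com'
  base: 'DC=company,DC=com'
  user_filter: '(memberOf=CN=LDAPGitlab,DC=company,DC=com)'
EOS

# Attribute types that normally lead the RDN of an account DN.
BIND_RDN_ATTRS = %w[cn uid samaccountname userprincipalname].freeze

# Returns a list of human-readable problems for one ldap_servers entry;
# an empty list means the block looks sane.
def ldap_config_issues(server)
  issues = []
  bind_dn = server['bind_dn'].to_s.strip
  first_attr = bind_dn.split(',').first.to_s.split('=').first.to_s.downcase
  if bind_dn.empty?
    issues << 'bind_dn is empty (anonymous bind)'
  elsif !BIND_RDN_ATTRS.include?(first_attr)
    issues << "bind_dn must be an account DN, not a search filter (starts with '#{first_attr}=')"
  end
  filter = server['user_filter'].to_s.strip
  if filter.empty?
    issues << 'user_filter is blank: every user under base can sign in'
  elsif !(filter.start_with?('(') && filter.end_with?(')'))
    issues << 'user_filter must be a parenthesised LDAP filter'
  end
  issues
end

puts ldap_config_issues(BROKEN['main'])  # two findings
puts ldap_config_issues(FIXED['main'])   # nothing printed
```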