Hi
I have enabled LDAP/AD in GitLab. But right now users have to register with a username and password to log in even though they are on AD. What do I need to do to avoid this? What I need is for users to just log in to GitLab with their AD credentials.
Thanks
Paras.
If they “register” they become registered users local to the system and GitLab. If you click the “SAML” button below the registration screen, the system will forward the authentication to SAML and AD.
Hi
I am not seeing the SAML button
Thanks
Paras.
With LDAP properly configured you shouldn’t need to register. I see in the screenshot that you are on the register tab. Is this because you tried an LDAP or AD login and got an invalid login error? If that’s the case you should be able to find some LDAP errors in the logs.
If you installed from the Omnibus package then /var/log/gitlab/gitlab-rails/production.log should provide some relevant details for failed login attempts against the LDAP server.
Looks like my LDAP configuration is not working. If you can find anything wrong below it will be highly appreciated. Thanks
Paras
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: 'back.domain.edu'
    port: 389
    uid: 'qut'
    method: 'plain' # "tls" or "ssl" or "plain"
    bind_dn: 'CN=qut,OU=DOMAINUsers,DC=DOMAIN,DC=edu'
    password: 'alphabet'
    active_directory: true
    allow_username_or_email_login: false
    block_auto_created_users: false
    base: 'OU=DOMAINUsers,DC=DOMAIN,DC=edu'
    user_filter: ''
    attributes:
      username: ['uid', 'userid', 'sAMAccountName']
      email: ['mail', 'email', 'userPrincipalName']
      name: 'cn'
      first_name: 'givenName'
      last_name: 'sn'
    ## EE only
    group_base: ''
    admin_group: ''
    sync_ssh_keys: false
EOS
I don’t see anything wrong, but a lot of this configuration is dependent on the domain. You could try to verify that the bind dn and password are valid by running ldapsearch:
ldapsearch -H ldap://back.domain.edu -D "CN=qut,OU=DOMAINUsers,DC=DOMAIN,DC=edu" -W -b "OU=DOMAINUsers,DC=DOMAIN,DC=edu" sAMAccountName
Hi,
This is what I get after I did the ldapsearch. Looks like some configuration issue on base or bind dn?
–
Enter LDAP Password:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
–
Thanks
Paras.
Hello
If I change anything in /etc/gitlab/gitlab.rb, do I need to run gitlab-ctl reconfigure, or is gitlab-ctl restart enough?
Thanks
Paras.
You should do reconfigure which will also run restart.
Thanks. I was not running the reconfigure. LDAP works now!
-Paras.
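The SASL error quoted earlier in the thread comes from ldapsearch attempting a SASL bind because no -x (simple authentication) option was given, so the bind DN and password were never actually tested. The script below is an added example, not part of any post: it repeats the bind test with -x, maps common ldapsearch failures to the gitlab.rb setting to check, and applies the file with reconfigure. Function names are hypothetical, and gitlab-rake gitlab:ldap:check is GitLab's Omnibus LDAP check task, which the thread does not mention.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Output lines quoted in the thread (ldapsearch run without -x).
SAMPLE_FROM_THREAD='SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:'

# Read ldapsearch output on stdin, print which setting to look at.
classify_ldapsearch_error() {
    err=$(cat)
    case "$err" in
        *SASL*"no mechanism available"*)
            # Client chose a SASL bind, so -D/-W were never tried: rerun with -x.
            echo "client-used-sasl" ;;
        *"Invalid credentials"*)
            echo "bad-bind-dn-or-password" ;;   # LDAP result 49
        *"Can't contact LDAP server"*)
            echo "bad-host-port-or-encryption" ;;
        *"No such object"*)
            echo "bad-base" ;;                  # LDAP result 32
        *)
            echo "unknown" ;;
    esac
}

# check_bind URI BIND_DN BASE: simple bind (-x), password prompted (-W),
# base-scope read of BASE so no directory data is dumped.
check_bind() {
    if out=$(ldapsearch -x -H "$1" -D "$2" -W -b "$3" -s base dn 2>&1); then
        echo "ok"
    else
        printf '%s\n' "$out" | classify_ldapsearch_error
    fi
}

# Apply /etc/gitlab/gitlab.rb and run GitLab's own LDAP check (run as root).
apply_ldap_config() {
    gitlab-ctl reconfigure && gitlab-rake gitlab:ldap:check
}

# Classify the error quoted in the thread.
printf '%s\n' "$SAMPLE_FROM_THREAD" | classify_ldapsearch_error
```

With method 'plain' on port 389, both this test bind and GitLab's own binds send the password unencrypted. Adding -ZZ to the ldapsearch call checks whether the server accepts StartTLS on the same port.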