Could not authenticate you from Ldapmain because "Invalid credentials for Account.svc"

GitLab Community Edition

GitLab LDAP login is working just fine, but suddenly our user got the error message above.

Error: Could not authenticate you from Ldapmain because “Invalid credentials for Account.svc”.

Troubleshooting done:
Checked that LDAP config is still the same as before
Changed the password for bind_dn user
Ran gitlab-ctl reconfigure and gitlab-ctl restart > no go, still the same error

LDAP check log

LDAP: … Server: ldapmain
LDAP authentication… Failed. Check bind_dn and password configuration values
LDAP users with access to your GitLab server (only showing the first 100 results)

LDAP settings

gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: 'X.X.X.X'
    port: 389
    uid: 'sAMAccountName'
    bind_dn: 'CN=Account Svc,OU=Software Dev,OU=Admin Accounts,OU=SampleOU Users,DC=internal,DC=com'
    password: 'MyAwesomePassword'
    encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
    verify_certificates: false
    smartcard_auth: false
    active_directory: true
    allow_username_or_email_login: true
    lowercase_usernames: true
    block_auto_created_users: false
    base: 'OU=Software Dev,OU=Admin Accounts,OU=SampleOU Users,DC=internal,DC=com'
    user_filter: ''
EOS

Hi, is this Active Directory? If so, I’m pretty sure that you need to use TLS with port 389, since plain will be clear-text and by default it doesn’t work in AD unless the functionality has been enabled.

So it can either be this, or your binddn user or full path for DN, or password is incorrect.

Hi there,

I tried to use start_tls and simple_tls but got an error that the connection was reset by peer.

For the bind_dn user, I tested it with a computer and I was able to authenticate the username/password. The full path is the same as when LDAP authentication was working.
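
The transport settings discussed in this thread (encryption, port, verify_certificates) can be checked offline before changing anything on the server. The following Ruby sketch is an added example, not code from the thread or from GitLab: `audit_ldap_servers` is a hypothetical helper, the sample YAML is constructed from the posted settings with a placeholder password, and the port table assumes the conventional 389 for plain/StartTLS and 636 for LDAPS.

```ruby
require 'yaml'

# Constructed sample: the thread's settings with a placeholder password.
SAMPLE_LDAP_YAML = <<~'EOS'
  main:
    label: 'LDAP'
    host: 'X.X.X.X'
    port: 389
    uid: 'sAMAccountName'
    bind_dn: 'CN=Account Svc,OU=Software Dev,OU=Admin Accounts,OU=SampleOU Users,DC=internal,DC=com'
    password: 'PLACEHOLDER'
    encryption: 'plain'
    verify_certificates: false
    active_directory: true
EOS

# Assumption: conventional ports, 389 for plain/StartTLS and 636 for LDAPS.
USUAL_PORT = { 'plain' => 389, 'start_tls' => 389, 'simple_tls' => 636 }.freeze

# Hypothetical helper: returns an array of "<provider>: <finding>" strings
# describing risky or inconsistent transport settings per LDAP server entry.
def audit_ldap_servers(yaml_text)
  servers = YAML.safe_load(yaml_text) || {}
  servers.flat_map do |id, cfg|
    findings = []
    enc  = cfg['encryption'].to_s
    port = cfg['port']
    findings << "unknown encryption #{enc.inspect}" unless USUAL_PORT.key?(enc)
    findings << 'port must be an integer' unless port.is_a?(Integer)
    if enc == 'plain'
      # The bind_dn password and every user's login password travel in clear text.
      findings << 'plain: bind and user passwords cross the network unencrypted'
    elsif cfg['verify_certificates'] == false
      # TLS is on, but the client accepts any certificate the server presents.
      findings << 'TLS without verify_certificates: server identity is not checked'
    end
    if USUAL_PORT.key?(enc) && port.is_a?(Integer) && port != USUAL_PORT[enc]
      findings << "#{enc} is usually served on port #{USUAL_PORT[enc]}, not #{port}"
    end
    findings.map { |f| "#{id}: #{f}" }
  end
end

puts audit_ldap_servers(SAMPLE_LDAP_YAML) if __FILE__ == $PROGRAM_NAME
```
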