Could not authenticate you from Ldapmain because “Invalid credentials for user.name”

I use

  • debian 9
  • gitlab-ce 11.10.4-ce.0
  • omnibus install via apt
  • openldap 2.4.44

ldap configuration

Configured /etc/ldap/ldap.conf:

BASE	dc=serverX,dc=lan
URI	    ldap://serverX.lan
TLS_CACERT	/etc/ssl/certs/ca-certificates.crt

Configured /etc/gitlab/gitlab.rb:

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-EOS
  main: # provider ID; shows up as "ldapmain" in the check output and logs
    label: 'Gitlab LDAP'
    host: '10.0.0.1'
    port: 389
    uid: 'sAMAccountName'
    method: 'plain' # "tls" or "ssl" or "plain"
    bind_dn: 'cn=admin,dc=serverX,dc=lan'
    password: 'xxxx'
    encryption: 'plain'
    active_directory: true
    allow_username_or_email_login: true
    block_auto_created_users: false
    base: 'ou=users,dc=serverX,dc=lan'
    user_filter: ''
    attributes:
      username: ['uid', 'userid', 'sAMAccountName']
      email:    ['mail', 'email', 'userPrincipalName']
      name:       'cn'
      first_name: 'givenName'
      last_name:  'sn'
    #username: ['uid', 'email']
    #email:    ['mail', 'email']
EOS

Output of gitlab-rake gitlab:ldap:check is OK:

# gitlab-rake gitlab:ldap:check
Checking LDAP ...

LDAP: ... Server: ldapmain
LDAP authentication... Success
LDAP users with access to your GitLab server (only showing the first 100 results)

Checking LDAP ... Finished

Users created from phpLDAPadmin: [screenshot]

Searched tons of web resources, but I can’t figure out the way to create LDAP users or use existing ones.

I don’t know what the issue is or why I get "Invalid credentials for user.name": I edited the Password attribute (md5) via phpLDAPadmin and I type the same one in the LDAP GitLab login page: [screenshot]

GitLab logs:

==> /var/log/gitlab/gitlab-rails/production.log <==
Started POST "/users/auth/ldapmain/callback" for 10.0.0.1 at 2019-05-16 07:56:16 +0200
Processing by OmniauthCallbacksController#failure as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "username"=>"user.name", "password"=>"[FILTERED]"}
Redirected to http://domainX.lan/users/sign_in
Completed 302 Found in 411ms (ActiveRecord: 23.1ms)
Started GET "/users/sign_in" for 10.0.0.1 at 2019-05-16 07:56:17 +0200
Processing by SessionsController#new as HTML
Completed 200 OK in 119ms (Views: 104.6ms | ActiveRecord: 7.5ms)

==> /var/log/gitlab/unicorn/unicorn_stdout.log <==
I, [2019-05-16T07:56:16.907169 #3996]  INFO -- omniauth: (ldapmain) Callback phase initiated.
E, [2019-05-16T07:56:16.917884 #3996] ERROR -- omniauth: (ldapmain) Authentication failure! invalid_credentials: OmniAuth::Strategies::LDAP::InvalidCredentialsError, Invalid credentials for user.name

Does anyone know what’s wrong?

Solved, check https://stackoverflow.com/questions/56161699/could-not-authenticate-you-from-ldapmain-because-invalid-credentials-for-user-n/56165991?noredirect=1#comment98973794_56165991
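
A diagnostic sketch for the symptom shown above, where gitlab:ldap:check binds successfully but lists no users (added example, not from the original post or from GitLab): it reports which entries under `base` carry the attribute configured as `uid`. The LDIF sample is constructed, `parse_ldif` and `uid_coverage` are hypothetical helper names, and it assumes GitLab looks the login name up in that attribute.

```ruby
# Constructed sample of exported entries (LDIF, as `ldapsearch -LLL` prints it).
# Not taken from the original post.
SAMPLE_LDIF = <<~LDIF
  dn: cn=user.name,ou=users,dc=serverX,dc=lan
  objectClass: inetOrgPerson
  cn: user.name
  sn: name
  uid: user.name
  mail: user.name@serverX.lan

  dn: cn=svc backup,ou=users,dc=serverX,dc=lan
  objectClass: person
  cn: svc backup
  sn: backup
LDIF

# Hypothetical helper: parse LDIF into an array of { 'attr' => [values] }.
# Attribute names are lower-cased (LDAP treats them case-insensitively);
# folded lines and base64 ("attr:: ...") values are handled.
def parse_ldif(text)
  text.gsub(/\n /, '').split(/\n{2,}/).map do |block|
    entry = Hash.new { |h, k| h[k] = [] }
    block.each_line(chomp: true) do |line|
      next if line.start_with?('#')
      name, sep, value = line.match(/\A([^:]+)(::?)\s*(.*)\z/)&.captures
      next unless name
      entry[name.downcase] << (sep == '::' ? value.unpack1('m') : value)
    end
    entry
  end.reject(&:empty?)
end

# Hypothetical helper: split the entries under `base` by whether they carry
# the attribute configured as `uid` in gitlab.rb (assumed to be the attribute
# the login name is looked up in). DN comparison is a plain suffix match.
def uid_coverage(entries, uid_attr:, base:)
  in_scope = entries.select { |e| e['dn'].first.to_s.downcase.end_with?(base.downcase) }
  hit, miss = in_scope.partition { |e| e.key?(uid_attr.downcase) }
  { matched: hit.map { |e| e['dn'].first }, unmatched: miss.map { |e| e['dn'].first } }
end

if __FILE__ == $PROGRAM_NAME
  entries = parse_ldif(SAMPLE_LDIF)
  # Compare the value from the posted gitlab.rb with another candidate attribute.
  %w[sAMAccountName uid].each do |attr|
    puts "#{attr}: #{uid_coverage(entries, uid_attr: attr, base: 'ou=users,dc=serverX,dc=lan').inspect}"
  end
end
```

An entry listed under `unmatched` cannot be found by a search on the configured attribute, whatever password is typed.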