Could not authenticate you from Ldapmain because "Invalid credentials"

Hello,
I configure ldap in /etc/gitlab/gitabl.rb.
It works, ‘gitlab-rake gitlab:ldap:check’ gives :
checking LDAP …
Server: ldapmain
LDAP authentication… Success
LDAP users with access to your GitLab server (only showing the first 100 results)
…list of users
Checking LDAP … Finished

But it doesn’t work in Gitab UI. I have Ldap username and password, but it gives the error :
Could not authenticate you from Ldapmain because “Invalid credentials”

Any idea of the problem?

Hi stef,

Before investigating on your problem i request you to share some information which is mentioned below.

  1. run the below command to check the version of gitlab :
    gitlab-rake gitlab:env:info

  2. And post the output of Ldap setting:
    vim /etc/gitlab/gitlab.rb

Thanks!

Hi,

  1. gitlab-rake gitlab:env:info gives :
    System information
    System:
    Proxy: no
    Current User: git
    Using RVM: no
    Ruby Version: 2.3.6p384
    Gem Version: 2.6.13
    Bundler Version:1.13.7
    Rake Version: 12.3.0
    Redis Version: 3.2.11
    Git Version: 2.14.3
    Sidekiq Version:5.0.5
    Go Version: unknown

GitLab information
Version: 10.5.2-ee
Revision: 3834bbe
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
DB Version: 9.6.5
URL: https://gitlab.istic.univ-rennes.fr
HTTP Clone URL: https://gitlab.istic.univ-rennes.fr/some-group/some-project.git
SSH Clone URL: git@gitlab.istic.univ-rennes.fr:some-group/some-project.git
Elasticsearch: no
Geo: no
Using LDAP: yes
Using Omniauth: no

GitLab Shell
Version: 6.0.3
Repository storage paths:

  • default: /var/opt/gitlab/git-data/repositories
    Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks
    Git: /opt/gitlab/embedded/bin/git
  1. Ldap settings :
    gitlab_rails[‘ldap_enabled’] = true
    gitlab_rails[‘ldap_servers’] = YAML.load <<-'EOS’
    main: # ‘main’ is the GitLab ‘provider ID’ of this LDAP server
    label: 'LDAP’
    host: 'my_ldap_server’
    port: 636
    encryption: 'simple_tls’
    uid: 'uid’
    bind_dn: 'the_full_dn_of_the_user_I_will_bind_with’
    password: '_the_password_of_the_bind_user’
    timeout: 10
    allow_username_or_email_login: true
    block_auto_created_users: true
    base: 'the_name_of_the_base’
    user_filter: ‘(composante=917)’

  2. gitlab-rake gitlab:ldap:check gives:
    Checking LDAP …

Server: ldapmain
LDAP authentication… Success
LDAP users with access to your GitLab server (only showing the first 100 results)
…liste of results…
Checking LDAP … Finished

  1. on page https://gitlab.my_domain , I have sign_in with ldap but it doesn’t work.

Thanks for your help !

It looks like you’re creating blocked ldap users, you need to change that to false.

block_auto_created_users: true

Help me!

hi here is my ldif

dn: ou=users,dc=bigdone,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=artem,ou=users,dc=bigdone,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: artem
sn: artem
cn: artem
userPassword: 12341234

dn: uid=shurik,ou=users,dc=bigdone,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: shurik
sn: shurik
cn: shurik
userPassword: 12341234

is my gitlab.rb
gitlab_rails[‘ldap_enabled’] = true
gitlab_rails[‘ldap_servers’] = YAML.load <<-‘EOS’
main:
label: ‘ldap’
host: ‘shurik.bigdone.com
port: 389
uid: ‘uid’
encryption: ‘plain’
bind_dn: ‘uid=shurik,ou=users,dc=bigdone,dc=com’
password: ‘12341234’
active_directory: false
allow_username_or_email_login: false
block_auto_created_users: false
base: ‘ou:users,dc=bigdone,dc=com’
EOS

when I run server and went to gitlab enter data, I get a message:
Could not authenticate you from Ldapmain because “Invalid credentials for uid=shurik,ou=users,dc=bigdone,dc=com”.

when i do gitlab-rake gitlab:ldap:check

Checking LDAP …

LDAP: … Server: ldapmain
LDAP authentication… Success
LDAP users with access to your GitLab server (only showing the first 100 results)

Checking LDAP … Finished