Hello,
I am trying to connect to the AD from my Gitlab but I’m getting the below error:
LDAP: … Server: ldapmain
Exception: Connection reset by peer - SSL_connect
Below is my /etc/gitlab/gitlab.rb file:
```ruby
external_url 'https://abc.com'
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 80
nginx['proxy_set_headers'] = {
  'X-Forwarded-Proto' => 'http',
  'CUSTOM_HEADER' => 'VALUE'
}
letsencrypt['enable'] = false
gitlab_rails['ldap_enabled'] = true
###! remember to close this block with 'EOS' below
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: 'LDAP'
    host: 'ad.example.com'
    port: 636
    uid: 'sAMAccountName'
    bind_dn: 'CN=readonly,OU=Users,OU=xxx,DC=abc,DC=local'
    password: 'password'
    encryption: 'simple_tls' # start_tls or simple_tls or plain
    verify_certificates: true
    smartcard_auth: false
    active_directory: true
    allow_username_or_email_login: false
    lowercase_usernames: false
    block_auto_created_users: false
    base: 'OU=Users,OU=xxx,DC=xxx,DC=local'
    user_filter: '(memberof:1.2.840.113556.1.4.1941:=CN=GitlabAccessGroup,OU=Users,OU=xxx,DC=xxx,DC=local)'
EOS
gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['backup_upload_connection'] = {
  'provider' => 'AWS',
  'region' => 'us-east-1',
  'use_iam_profile' => true }
```
It is working after making the below changes:
port: 389
encryption: 'plain' # start_tls or simple_tls or plain
verify_certificates: true (comment out this line)
But we cannot turn off the encryption and TLS Server authentication.
I have tried the solutions below as well, but unfortunately they didn't work:
I have some problems configure authentication via LDAPS to Active Directory.
Some info:
SO: CentOS6
Gitlab: gitlab-ce-7.11.4~omnibus-1.x86_64
[root@gitlab ~]# gitlab-rake gitlab:check --trace
** Invoke gitlab:check (first_time)
** Invoke gitlab:env:check (first_time)
** Invoke environment (first_time)
** Execute environment
** Execute gitlab:env:check
Checking Environment ...
Git configured for git user? ... yes
Checking Environment ... Finished
** Invoke gitlab:gitlab_shell:check (first_…
Hello,
Trying to use LDAP authentication against Active Directory (AD). According to known howtos, the below is in /etc/gitlab/gitlab.rb:
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'EXAMPLE'
host: 'EXAMPLE.COM'
port: 636
uid: 'sAMAccountName' # 'sAMAccountName'
method: 'tls' # "tls" or "ssl" or "plain"
bind_dn: 'cn=binduser,cn=Users,dc=example,dc=com'
password: 'superpassword'
timeout: 10
active_dir…
Can someone please guide me on how I can solve this issue?
Thank you
iwalker
February 8, 2021, 10:42am
2
Hi, I would try port 636 with plain and see how that goes for you.
There are a few differences when using port 389 and 636. The first being, that with port 389 the initial connection is unencrypted, so therefore it should be utilised with start_tls or simple_tls to then encrypt before continuing the connection. If you are using port 636, then the connection is encrypted already from the start. Therefore, using plain with 636 isn’t going to be a major issue since it’s already encrypted. And TLS won’t work with port 636 anyway, as it’s for use with port 389.
Hello,
@vikas.kadam07 Did you solve this problem?
I have the same error since we updated our domain controllers. I updated gitlab to 15.8.1-ee and still not working. I tried also setting the port to 636 and encryption to the three possibilities as @iwalker suggested.
I have only been able to get it to work setting port to 389 and encryption to plain.
Thank you.
iwalker
February 2, 2023, 11:27am
4
In case of self-signed, untrusted certs, use:
verify_certificates: false
just in case that is an issue.
Hi,
I have used the solution posted by @iwalker.
Thanks
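The port, `encryption` and `verify_certificates` combinations tried in this thread can be checked mechanically before reconfiguring. The Ruby sketch below is an added example, not part of any post above and not GitLab's own code; `audit_ldap_server`, `audit_all` and the sample entries are hypothetical and constructed. It assumes GitLab's documented meanings for `encryption`: `simple_tls` is LDAPS (TLS from the first byte, port 636), `start_tls` upgrades a plain session (port 389), and `plain` is no encryption at all.

```ruby
require 'yaml'

# Constructed sample entries mirroring the combinations tried in the thread.
SAMPLE = <<~CFG
  ldaps_verified:  { host: ad.example.com, port: 636, encryption: simple_tls, verify_certificates: true }
  plain_on_389:    { host: ad.example.com, port: 389, encryption: plain }
  plain_on_636:    { host: ad.example.com, port: 636, encryption: plain }
  ldaps_no_verify: { host: ad.example.com, port: 636, encryption: simple_tls, verify_certificates: false }
CFG

# Hypothetical helper: returns a list of findings for one ldap_servers entry.
def audit_ldap_server(cfg)
  port   = cfg['port'].to_i
  enc    = cfg['encryption']
  verify = cfg.fetch('verify_certificates', true) # GitLab verifies by default
  findings = []
  case enc
  when 'plain'
    findings << 'cleartext: bind password and user logins are sent unencrypted'
    findings << 'mismatch: port 636 expects a TLS handshake, plain is not encrypted there' if port == 636
  when 'simple_tls'
    findings << 'mismatch: simple_tls (LDAPS) is normally served on 636, not 389' if port == 389
  when 'start_tls'
    findings << 'mismatch: start_tls upgrades a plain session on 389, 636 is TLS from the start' if port == 636
  else
    findings << "invalid: unknown or missing encryption value #{enc.inspect}"
  end
  if enc != 'plain' && verify == false
    findings << 'no-verify: server certificate is not validated, so the peer is unauthenticated'
  end
  findings
end

# Audits every entry in a YAML document shaped like the ldap_servers block.
def audit_all(yaml_text)
  YAML.safe_load(yaml_text).transform_values { |cfg| audit_ldap_server(cfg) }
end

if __FILE__ == $PROGRAM_NAME
  audit_all(SAMPLE).each do |name, findings|
    puts "#{name}: #{findings.empty? ? 'ok' : findings.join('; ')}"
  end
end
```

An entry that reports no findings can still fail with a handshake error if the domain controller's certificate or its issuing CA is not trusted by the GitLab host; that is a trust-store question this check does not cover.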