配置多个LDAP报以下错误,按照官方文档配置的:
execute[clear the gitlab-rails cache] (gitlab::gitlab-rails line 439) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received ‘1’
---- Begin output of /opt/gitlab/bin/gitlab-rake cache:clear ----
STDOUT:
STDERR: rake aborted!
Devise::OmniAuth::StrategyNotFound: Could not find a strategy with name Ldapsecondary'. Please ensure it is required or explicitly set it using the :strategy_class option. /opt/gitlab/embedded/service/gitlab-rails/config/environment.rb:5:in <top (required)>’
/opt/gitlab/embedded/bin/bundle:23:in load' /opt/gitlab/embedded/bin/bundle:23:in ’
Tasks: TOP => cache:clear => cache:clear:redis => environment
(See full trace by running task with --trace)
---- End output of /opt/gitlab/bin/gitlab-rake cache:clear ----
Ran /opt/gitlab/bin/gitlab-rake cache:clear returned 1
Hi,
If this is gitlab-ce, you cannot use multiple AD/LDAP servers. This is an option only available in gitlab-ee.
Remove the secondary LDAP server from /etc/gitlab/gitlab.rb and then run gitlab-ctl reconfigure. Alternatively, upgrade to gitlab-ee if you want multiple AD servers.
Please check/verify configuration as per Gitlab documentation:
https://docs.gitlab.com/ee/administration/auth/ldap/#multiple-ldap-servers
please post your gitlab.rb so that we can see the AD/LDAP configuration, then we can potentially find the problem.
gitlab_rails[‘ldap_servers’] = {
‘main’ => {
‘label’ => ‘GitLab AD’
‘host’ => ‘master AD’
‘port’ => 389,
‘uid’ => ‘sAMAccountName’,
‘bind_dn’ => ‘cn=admin,cn=users,dc=test,dc=com’,
‘password’ => ‘test123’,
‘encryption’ => ‘plain’,
‘verify_certificates’ => true,
‘active_directory’ => true,
‘allow_username_or_email_login’ => true,
‘block_auto_created_users’ => false,
‘base’ => ‘ou=Z10_IT运维部,dc=test,dc=com’,
'user_filter: ‘’
},
‘secondary’ => {
‘label’ => ‘GitLab Secondary AD’
‘host’ => ‘slave AD’
‘port’ => 389,
‘uid’ => ‘sAMAccountName’,
‘bind_dn’ => ‘cn=admin,cn=users,dc=test,dc=com’,
‘password’ => ‘test123’,
‘encryption’ => ‘plain’,
‘verify_certificates’ => true,
‘active_directory’ => true,
‘allow_username_or_email_login’ => true,
‘block_auto_created_users’ => false,
‘base’ => ‘ou=Z10_IT运维部,dc=test,dc=com’,
‘user_filter’: ‘’
}
}
I think you will have problem with encryption → plain.
Active Directory usually only allows connections on port 636 with SSL, or port 389 with tls.
Change:
‘encryption’ => ‘plain’,
to:
‘encryption’ => ‘start_tls’,
if that doesn’t work, try simple_tls instead of start_tls.
您好,我改了之后还是报如下错误:
There was an error running gitlab-ctl reconfigure:
execute[clear the gitlab-rails cache] (gitlab::gitlab-rails line 437) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received ‘1’
---- Begin output of /opt/gitlab/bin/gitlab-rake cache:clear ----
STDOUT:
STDERR: rake aborted!
Devise::OmniAuth::StrategyNotFound: Could not find a strategy with name Ldapsecondary'. Please ensure it is required or explicitly set it using the :strategy_class option. /opt/gitlab/embedded/service/gitlab-rails/config/environment.rb:5:in <top (required)>’
/opt/gitlab/embedded/bin/bundle:23:in load' /opt/gitlab/embedded/bin/bundle:23:in ’
Tasks: TOP => cache:clear => cache:clear:redis => environment
(See full trace by running task with --trace)
---- End output of /opt/gitlab/bin/gitlab-rake cache:clear ----
Ran /opt/gitlab/bin/gitlab-rake cache:clear returned 1
It seems you still have something in gitlab.rb which is trying to use Ldapsecondary
帮忙看下配置如下:
gitlab_rails[‘ldap_servers’] = {
‘main’ => {
‘label’ => ‘GitLab AD’,
‘host’ => ‘master AD’,
‘port’ => 389,
‘uid’ => ‘sAMAccountName’,
‘bind_dn’ => ‘cn=administrator,cn=users,dc=test,dc=com’,
‘password’ => ‘test123’,
‘encryption’ => ‘start_tls’,
‘verify_certificates’ => true,
‘active_directory’ => true,
‘allow_username_or_email_login’ => true,
‘block_auto_created_users’ => false,
‘base’ => ‘ou=Z10_IT运维部,dc=test,dc=com’,
'user_filter => ‘’
},
‘secondary’ => {
‘label’ => ‘GitLab Secondary AD’,
‘host’ => ‘slave AD’,
‘port’ => 389,
‘uid’ => ‘sAMAccountName’,
‘bind_dn’ => ‘cn=administrator,cn=users,dc=test,dc=com’,
‘password’ => ‘test123’,
‘encryption’ => ‘start_tls’,
‘verify_certificates’ => true,
‘active_directory’ => true,
‘allow_username_or_email_login’ => true,
‘block_auto_created_users’ => false,
‘base’ => ‘ou=Z10_IT运维部,dc=test,dc=com’,
‘user_filter’ => ‘’
}
}
报错信息:
Running handlers:
There was an error running gitlab-ctl reconfigure:
execute[clear the gitlab-rails cache] (gitlab::gitlab-rails line 437) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received ‘1’
---- Begin output of /opt/gitlab/bin/gitlab-rake cache:clear ----
STDOUT:
STDERR: rake aborted!
Devise::OmniAuth::StrategyNotFound: Could not find a strategy with name Ldapsecondary'. Please ensure it is required or explicitly set it using the :strategy_class option. /opt/gitlab/embedded/service/gitlab-rails/config/environment.rb:5:in <top (required)>’
/opt/gitlab/embedded/bin/bundle:23:in load' /opt/gitlab/embedded/bin/bundle:23:in ’
Tasks: TOP => cache:clear => cache:clear:redis => environment
(See full trace by running task with --trace)
---- End output of /opt/gitlab/bin/gitlab-rake cache:clear ----
Ran /opt/gitlab/bin/gitlab-rake cache:clear returned 1
No, check configuration for omniauth as it looks like you try to use LDAPSecondary here. You have something else wrongly configured in gitlab.rb.
我配置了两个LDAP,登录页面怎么就显示一个标签,另外我想问下standard这个标签怎么去掉