Hello,
I did my first installation of GitLab (12.10.3).
I need to integrate it with an Active Directory (Windows Server 2012 R2).
I made the following configuration:
But it’s not working. What could I have done wrong?
Note: Windows Server has the Windows firewall disabled.
On our server, we set bind_dn: in the format admin-gitlab@example.co.uk. Do you get any errors in any of the logs that could help out?
Hello. I managed to solve this first part.
Integration worked.
My question now is … can I configure more than 1 base?
Say I have users in 2 OUs.
TEST-GITLAB (already configured)
and TEST-GITLAB2 …
How do I set up 2 user bases?
We don’t specify an OU. We just use DC=example,DC=co,DC=uk as that will then allow any domain users access to our server without limiting to an OU.
@veltusti, will you please help to solve my issue?
I am also facing an issue and am unable to connect to the AD server. When I run
" gitlab-rake gitlab:ldap:check"
the output is: Checking LDAP …
LDAP: … Server: ldapmain
LDAP authentication… Failed. Check bind_dn and password configuration values
LDAP users with access to your GitLab server (only showing the first 100 results)
Checking LDAP … Finished
I used ldapsearch to verify bind-dn and password and it worked, but with GitLab it does not.
Hello,
I also have some issues but in my case the error is:
gitlab-rake gitlab:ldap:check
Checking LDAP …
LDAP: … Server: ldapmain
Exception: no bind result
Checking LDAP … Finished
This problem started to happen when I migrated from version 11.6.0 to 11.11.8.
Hi.
I have a question regarding this case also.
I have a working configuration. But recently guys from other OUs joined our team.
“base” is the location where github can search for users.
But can I use multiple “base”?
For example:
base: 'OU=users, DC=global, DC=com, DC=pl'
base: 'OU=remoteusers, DC=global, DC=com, DC=pl'
The uid and bind_dn are the same for both AD.
Hi, no, there can only be one basedn. You would have to use:
base: 'DC=global, DC=com, DC=pl'
Probably better is to use the user filter and use memberOf to ensure they are in a specific group if you want to restrict certain users. E.g.: create a group called “Gitlab”, put the users from ou=users and ou=remoteusers in that group, and then use the user filter to check membership of the gitlab group. You can find an example for that here: ldap - How to bind a user and ensure they are in the correct group? - Stack Overflow
From the answer:
"(&(cn=My Name)(memberOf=cn=admin,ou=groups,dc=example,dc=com))"
Adapt this with your gitlab group that was created, and put this in gitlab.rb where the user-filter appears in the LDAP config section.
Yeah… the problem is I am not an AD admin and we cannot create new OUs.
But from your example:
base: 'DC=global, DC=com, DC=pl'
This should search inside the whole DC global, right? All sub-OUs?
And after this change, the reload of settings is ‘gitlab-ctl reconfigure’, right?
Yes, that would allow searching ou=users and ou=remoteusers. Of course, all other OUs will also be able to be searched and accessed as well. But restricting that would require asking your AD/LDAP people to create a group and then add all the users that need to log in to Gitlab. That way you can restrict it by using the user-filter option in the Gitlab config to stop all other users logging into Gitlab.
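
The effect of the two answers above (one domain-wide base, then a memberOf user filter) can be modelled in a few lines. This is an added example, not code from any post in this thread or from GitLab; the directory entries, the user names, the OU=finance container and the group's location under OU=groups are constructed assumptions.

```ruby
# Models which directory entries pass a given `base` and `user_filter`.
# Constructed data only; this does not talk to a real LDAP server.

# Split a DN into normalised RDNs ("OU=users, DC=global" -> ["ou=users", "dc=global"]).
# Naive split: does not handle escaped commas inside RDN values.
def rdns(dn)
  dn.split(',').map { |part| part.strip.downcase }
end

# True when dn sits at or below base (subtree search scope).
def under_base?(dn, base)
  d, b = rdns(dn), rdns(base)
  d.length >= b.length && d.last(b.length) == b
end

# Supports only the single-clause form "(memberOf=<group DN>)".
# Anything else raises, so an unparsed filter never fails open.
def filter_group(user_filter)
  return nil if user_filter.nil?
  m = /\A\(memberOf=(.+)\)\z/i.match(user_filter)
  raise ArgumentError, "unsupported filter: #{user_filter}" unless m
  rdns(m[1])
end

# Logins that pass the base scope and, if set, the group filter.
def allowed_logins(entries, base:, user_filter: nil)
  group = filter_group(user_filter)
  entries.select { |e|
    under_base?(e[:dn], base) &&
      (group.nil? || e[:member_of].any? { |g| rdns(g) == group })
  }.map { |e| e[:uid] }
end

ROOT  = 'DC=global, DC=com, DC=pl'                    # base from the thread
GROUP = 'CN=Gitlab,OU=groups,DC=global,DC=com,DC=pl'  # assumed group location

ENTRIES = [ # constructed sample directory
  { uid: 'anna',  dn: "CN=Anna,OU=users,#{ROOT}",      member_of: [GROUP] },
  { uid: 'bob',   dn: "CN=Bob,OU=remoteusers,#{ROOT}", member_of: [GROUP] },
  { uid: 'carol', dn: "CN=Carol,OU=finance,#{ROOT}",   member_of: [] },
]

if __FILE__ == $PROGRAM_NAME
  p allowed_logins(ENTRIES, base: "OU=users, #{ROOT}")   # single OU
  p allowed_logins(ENTRIES, base: ROOT)                  # whole domain, no filter
  p allowed_logins(ENTRIES, base: ROOT, user_filter: "(memberOf=#{GROUP})")
end
```

In Active Directory, memberOf lists direct group membership only, so a user who reaches the group through a nested group will not match this filter.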