Gitlab ldap bind issue


I am facing some issue while configuring LDAP for Gitlab(Community Edition) details as below -

Checking LDAP ...

Server: ldapmain
**LDAP authentication... Failed. Check `bind_dn` and `password` configuration values**
LDAP users with access to your GitLab server (only showing the first 100 results)

Checking LDAP ... Finished

Below is my gitlab.rb ldap section :

 gitlab_rails['ldap_enabled'] = true

###! **remember to close this block with 'EOS' below**
 gitlab_rails['ldap_servers'] = YAML.load <<-EOS

 main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'GITLAB_LDAP'
     host: ''
     port: 389
     uid: 'samAccountName'
     method: 'plain' # "tls" or "ssl" or "plain"
     bind_dn: 'CN=akash.warkhade,DC=ops,DC=com'
     password: '#######'
     active_directory: true
     allow_username_or_email_login: false
     block_auto_created_users: false
     base: 'OU=THA,OU=Users,DC=ops,DC=com'


I have also tried multiple bind_dn combination like :

  1. bind_dn: 'CN=akash.warkhade,DC=ops,DC=com'
  2. bind_dn: 'CN=akash.warkhade'
  3. bind_dn: ''
  4. bind_dn: 'CN=Akash Warkhade'

Still it is giving same error while gitlab-rake gitlab:ldap:check

Can someone please help me out to get rid of this issue?

I had similar issues. I found the ADFind utility very helpful as follows:

adfind -h <ADServer>:389 -u "CN=<ADServer>,CN=Users,DC=<my AD domain>,DC=<my AD domain TLD>" -u "<my fully qualified AD domain with TLD>\<my user account> -up *

Query AD for all Groups and Users that have adminCount = 1 (adminSDholder)
`AdFind -default -f "(&(|(&(objectCategory=person)(objectClass=user))(objectCategory=group))(adminCount=1))" -dn`
List member of a Group (for example Group=IT_Support)
`AdFind -b "CN=<AD Group Name>,CN=Users,DC=<my AD domain>,DC=<my AD domain TLD>" member`


  • my fully qualified AD domain name is: “example.local”
    • my AD domain is “example”
    • my AD domain TLD is “local”
  • the group I’m searching is “Developers”
  • my AD user account is “GitLabServer_svc_Acct”
  • my AD server is “msldap.example.local”
  • your local DNS is pointed to “msldap.example.local”

The above commands (run from windows command prompt or Posershell) would be:

adfind -h msldap.example.local:389 -u "CN=msldap,CN=Users,DC=example,DC=local" -u example.local\GitLabServer_svc_Acct -up *

Or to list members of a group:

adfind -b "CN=Developers,CN=Users,DC=example,DC=local" member