Gitlab ldap bind issue

a.warkhade98 · July 27, 2018, 11:56am

Hello,

I am facing some issue while configuring LDAP for Gitlab(Community Edition) details as below -

Checking LDAP ...

Server: ldapmain
**LDAP authentication... Failed. Check `bind_dn` and `password` configuration values**
LDAP users with access to your GitLab server (only showing the first 100 results)

Checking LDAP ... Finished

Below is my gitlab.rb ldap section :

 gitlab_rails['ldap_enabled'] = true

###! **remember to close this block with 'EOS' below**
 gitlab_rails['ldap_servers'] = YAML.load <<-EOS


 main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'GITLAB_LDAP'
     host: 'xxxx.ops.com'
     port: 389
     uid: 'samAccountName'
     method: 'plain' # "tls" or "ssl" or "plain"
     bind_dn: 'CN=akash.warkhade,DC=ops,DC=com'
     password: '#######'
     active_directory: true
     allow_username_or_email_login: false
     block_auto_created_users: false
     base: 'OU=THA,OU=Users,DC=ops,DC=com'

EOS

I have also tried multiple bind_dn combination like :

bind_dn: 'CN=akash.warkhade,DC=ops,DC=com'
bind_dn: 'CN=akash.warkhade'
bind_dn: 'CN=akash.warkhade@ops.com'
bind_dn: 'CN=Akash Warkhade'

Still it is giving same error while gitlab-rake gitlab:ldap:check

Can someone please help me out to get rid of this issue?

PSKyne · July 27, 2018, 6:53pm

I had similar issues. I found the ADFind utility very helpful as follows:

adfind -h <ADServer>:389 -u "CN=<ADServer>,CN=Users,DC=<my AD domain>,DC=<my AD domain TLD>" -u "<my fully qualified AD domain with TLD>\<my user account> -up *

Query AD for all Groups and Users that have adminCount = 1 (adminSDholder)

`AdFind -default -f "(&(|(&(objectCategory=person)(objectClass=user))(objectCategory=group))(adminCount=1))" -dn`

List member of a Group (for example Group=IT_Support)

`AdFind -b "CN=<AD Group Name>,CN=Users,DC=<my AD domain>,DC=<my AD domain TLD>" member`

Where,

my fully qualified AD domain name is: “example.local”
- my AD domain is “example”
- my AD domain TLD is “local”
the group I’m searching is “Developers”
my AD user account is “GitLabServer_svc_Acct”
my AD server is “msldap.example.local”
your local DNS is pointed to “msldap.example.local”

The above commands (run from windows command prompt or Posershell) would be:

adfind -h msldap.example.local:389 -u "CN=msldap,CN=Users,DC=example,DC=local" -u example.local\GitLabServer_svc_Acct -up *

Or to list members of a group:

adfind -b "CN=Developers,CN=Users,DC=example,DC=local" member

waleed.ahmed · November 11, 2020, 6:09am

@a.warkhade98 i have the same issue, will you please update if you got any solution

heyao · January 15, 2021, 10:31am

我也遇到了同样的问题，请问你们是怎么解决的？